# Flog Txt Version 1 # Analyzer Version: 2023.4.1 # Analyzer Build Date: Nov 10 2023 06:23:34 # Log Creation Date: 21.11.2023 00:28:03.069 Process: id = "1" image_name = "fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe" filename = "c:\\users\\oqxzraykm\\desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe" page_root = "0xcd22000" os_pid = "0x17d4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0xa00" cmd_line = "\"C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe\" " cur_dir = "C:\\Users\\OqXZRaykm\\Desktop\\" os_username = "PXTHFFRYO7\\OqXZRaykm" bitness = "32" os_groups = "PXTHFFRYO7\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0001cfa9" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 146 start_va = 0x10000 end_va = 0x1bfff monitored = 1 entry_point = 0x1751a region_type = mapped_file name = "fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe" filename = "\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe") Region: id = 147 start_va = 0x20000 end_va = 0x3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 148 start_va = 0x40000 end_va = 0x5cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 149 start_va = 0x60000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 150 start_va = 0x160000 end_va = 0x163fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 151 start_va = 0x170000 end_va = 0x170fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 152 start_va = 0x180000 end_va = 0x181fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 153 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 154 start_va = 0x7ffe0000 end_va = 0x7ffe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 155 start_va = 0x7ff5fffc0000 end_va = 0x7ff5fffc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffc0000" filename = "" Region: id = 156 start_va = 0x7ff5fffd0000 end_va = 0x7ff5ffff2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffd0000" filename = "" Region: id = 157 start_va = 0x7ffaa5370000 end_va = 0x7ffaa5563fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 310 start_va = 0x7ff5fdfb0000 end_va = 0x7ff5fffb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff5fdfb0000" filename = "" Region: id = 311 start_va = 0x7ff4fdf90000 end_va = 0x7ff5fdfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff4fdf90000" filename = "" Region: id = 312 start_va = 0x400000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 313 start_va = 0x7ffa877f0000 end_va = 0x7ffa87854fff monitored = 1 entry_point = 0x7ffa8781bd50 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 314 start_va = 0x7ffaa3a50000 end_va = 0x7ffaa3b0cfff monitored = 0 entry_point = 0x7ffaa3a67070 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 315 start_va = 0x7ffaa2ff0000 end_va = 0x7ffaa32b6fff monitored = 0 entry_point = 0x7ffaa3001bd0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 316 start_va = 0x20000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 317 start_va = 0x7ff4fde90000 end_va = 0x7ff4fdf8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff4fde90000" filename = "" Region: id = 318 start_va = 0x400000 end_va = 0x4c8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 319 start_va = 0x560000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 320 start_va = 0x660000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 321 start_va = 0x30000 end_va = 0x36fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 322 start_va = 0x7ffaa04d0000 end_va = 0x7ffaa055ffff monitored = 0 entry_point = 0x7ffaa04e0880 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 323 start_va = 0x7ff4fdab0000 end_va = 0x7ff4fde8cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 324 start_va = 0x7ffaa51a0000 end_va = 0x7ffaa5249fff monitored = 0 entry_point = 0x7ffaa51b5470 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 325 start_va = 0x7ffaa3ca0000 end_va = 0x7ffaa3d3dfff monitored = 0 entry_point = 0x7ffaa3ca7850 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 326 start_va = 0x660000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 327 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 328 start_va = 0x7ffaa3540000 end_va = 0x7ffaa35dafff monitored = 0 entry_point = 0x7ffaa355c3e0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 329 start_va = 0x7ffaa3e50000 end_va = 0x7ffaa3f72fff monitored = 0 entry_point = 0x7ffaa3eada30 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 330 start_va = 0x190000 end_va = 0x196fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 331 start_va = 0x7c0000 end_va = 0x97ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 332 start_va = 0x1a0000 end_va = 0x1a6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 333 start_va = 0x7ffa86760000 end_va = 0x7ffa86808fff monitored = 1 entry_point = 0x7ffa86768150 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll") Region: id = 334 start_va = 0x7ffaa35e0000 end_va = 0x7ffaa3634fff monitored = 0 entry_point = 0x7ffaa35ea7e0 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 335 start_va = 0x1b0000 end_va = 0x1b6fff monitored = 1 entry_point = 0x1b751a region_type = mapped_file name = "fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe" filename = "\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe") Region: id = 336 start_va = 0x7ffaa0a60000 end_va = 0x7ffaa0a72fff monitored = 0 entry_point = 0x7ffaa0a63f60 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 337 start_va = 0x7ffa9f790000 end_va = 0x7ffa9f799fff monitored = 0 entry_point = 0x7ffa9f791390 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 338 start_va = 0x980000 end_va = 0x1446fff monitored = 1 entry_point = 0x9863c0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll") Region: id = 339 start_va = 0x7ffa80600000 end_va = 0x7ffa810c6fff monitored = 1 entry_point = 0x7ffa806063c0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll") Region: id = 340 start_va = 0x7ffa96410000 end_va = 0x7ffa96425fff monitored = 0 entry_point = 0x7ffa9641c000 region_type = mapped_file name = "vcruntime140_clr0400.dll" filename = "\\Windows\\System32\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\system32\\vcruntime140_clr0400.dll") Region: id = 341 start_va = 0x7ffaa36e0000 end_va = 0x7ffaa387ffff monitored = 0 entry_point = 0x7ffaa36f7a10 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 342 start_va = 0x7ffa85440000 end_va = 0x7ffa854fcfff monitored = 0 entry_point = 0x7ffa854c7db0 region_type = mapped_file name = "ucrtbase_clr0400.dll" filename = "\\Windows\\System32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\system32\\ucrtbase_clr0400.dll") Region: id = 343 start_va = 0x7ffaa2f20000 end_va = 0x7ffaa2f41fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "win32u.dll" filename = "\\Windows\\System32\\win32u.dll" (normalized: "c:\\windows\\system32\\win32u.dll") Region: id = 344 start_va = 0x7ffaa4760000 end_va = 0x7ffaa4789fff monitored = 0 entry_point = 0x7ffaa47648d0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 345 start_va = 0x7ffaa2ae0000 end_va = 0x7ffaa2be9fff monitored = 0 entry_point = 0x7ffaa2b11300 region_type = mapped_file name = "gdi32full.dll" filename = "\\Windows\\System32\\gdi32full.dll" (normalized: "c:\\windows\\system32\\gdi32full.dll") Region: id = 346 start_va = 0x7ffaa2f50000 end_va = 0x7ffaa2fecfff monitored = 0 entry_point = 0x7ffaa2f65390 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll") Region: id = 347 start_va = 0x7ffaa2d50000 end_va = 0x7ffaa2e4ffff monitored = 0 entry_point = 0x7ffaa2d65ac0 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 348 start_va = 0x1b0000 end_va = 0x1b7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 349 start_va = 0x1c0000 end_va = 0x1edfff monitored = 0 entry_point = 0x1c14d0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 350 start_va = 0x980000 end_va = 0xb7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000980000" filename = "" Region: id = 351 start_va = 0x7ffaa3e20000 end_va = 0x7ffaa3e4ffff monitored = 0 entry_point = 0x7ffaa3e214d0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 352 start_va = 0x7c0000 end_va = 0x940fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 353 start_va = 0x970000 end_va = 0x97ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000970000" filename = "" Region: id = 354 start_va = 0xb80000 end_va = 0x1f80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b80000" filename = "" Region: id = 355 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 356 start_va = 0x7ffaa3f80000 end_va = 0x7ffaa42d3fff monitored = 0 entry_point = 0x7ffaa4071d00 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 357 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 358 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 359 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 360 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004d0000" filename = "" Region: id = 361 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 362 start_va = 0x7ffa20f90000 end_va = 0x7ffa20f9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa20f90000" filename = "" Region: id = 363 start_va = 0x7ffa20fa0000 end_va = 0x7ffa20faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa20fa0000" filename = "" Region: id = 364 start_va = 0x7ffa20fb0000 end_va = 0x7ffa2103ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa20fb0000" filename = "" Region: id = 365 start_va = 0x7ffa21040000 end_va = 0x7ffa210affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa21040000" filename = "" Region: id = 366 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 367 start_va = 0x500000 end_va = 0x500fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 368 start_va = 0x1f90000 end_va = 0x1ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f90000" filename = "" Region: id = 369 start_va = 0x510000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 370 start_va = 0x2000000 end_va = 0x20fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 371 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 372 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 373 start_va = 0x2100000 end_va = 0x1a0fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 374 start_va = 0x1a100000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a100000" filename = "" Region: id = 375 start_va = 0x1a480000 end_va = 0x1a581fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a480000" filename = "" Region: id = 376 start_va = 0x1a590000 end_va = 0x1a68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a590000" filename = "" Region: id = 377 start_va = 0x1a690000 end_va = 0x1a9c7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 378 start_va = 0x7ffa7f000000 end_va = 0x7ffa805fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\de013c985ad100d05dc94ec118f77b92\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\de013c985ad100d05dc94ec118f77b92\\mscorlib.ni.dll") Region: id = 379 start_va = 0x7ff4fddf0000 end_va = 0x7ff4fde8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff4fddf0000" filename = "" Region: id = 380 start_va = 0x7ff4fdde0000 end_va = 0x7ff4fddeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff4fdde0000" filename = "" Region: id = 381 start_va = 0x7ffa210b0000 end_va = 0x7ffa2112ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa210b0000" filename = "" Region: id = 382 start_va = 0x7ffaa4800000 end_va = 0x7ffaa4928fff monitored = 0 entry_point = 0x7ffaa4826140 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 383 start_va = 0x7ffaa3f80000 end_va = 0x7ffaa42d3fff monitored = 0 entry_point = 0x7ffaa4071d00 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 384 start_va = 0x1a9d0000 end_va = 0x1aaa2fff monitored = 0 entry_point = 0x1a9ed190 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 385 start_va = 0x1a9d0000 end_va = 0x1ab14fff monitored = 0 entry_point = 0x1aa2a9b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 386 start_va = 0x7ffaa2e50000 end_va = 0x7ffaa2ecefff monitored = 0 entry_point = 0x7ffaa2e873e0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 387 start_va = 0x7ffa7eeb0000 end_va = 0x7ffa7effefff monitored = 1 entry_point = 0x7ffa7eeb1090 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll") Region: id = 388 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 389 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 390 start_va = 0x530000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 391 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 392 start_va = 0x7ffa21130000 end_va = 0x7ffa2113ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa21130000" filename = "" Region: id = 393 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 394 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 395 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 396 start_va = 0x530000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 397 start_va = 0x1a9d0000 end_va = 0x1aacffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a9d0000" filename = "" Region: id = 398 start_va = 0x1aad0000 end_va = 0x1abcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aad0000" filename = "" Region: id = 399 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 400 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 401 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 402 start_va = 0x7ffa7e230000 end_va = 0x7ffa7eea0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\808887ebadf1a37835b907c866cede3c\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\808887ebadf1a37835b907c866cede3c\\system.ni.dll") Region: id = 403 start_va = 0x7ffa7d7b0000 end_va = 0x7ffa7e224fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\bd42a6d2da6a5a79a9f5db3fa08a5283\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.core\\bd42a6d2da6a5a79a9f5db3fa08a5283\\system.core.ni.dll") Region: id = 404 start_va = 0x530000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 405 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 406 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 407 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 408 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 409 start_va = 0x1abd0000 end_va = 0x1ad6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001abd0000" filename = "" Region: id = 410 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 411 start_va = 0x530000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 412 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 413 start_va = 0x7ffa83740000 end_va = 0x7ffa83933fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Drawing\\daba68776a7c26bc8eee56f012716bce\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.drawing\\daba68776a7c26bc8eee56f012716bce\\system.drawing.ni.dll") Region: id = 414 start_va = 0x7ffa7c700000 end_va = 0x7ffa7d7a5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Windows.Forms\\2ff77c92ef5d149d33261c674c7ccfe4\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.windows.forms\\2ff77c92ef5d149d33261c674c7ccfe4\\system.windows.forms.ni.dll") Region: id = 415 start_va = 0x7ffaa05a0000 end_va = 0x7ffaa063efff monitored = 0 entry_point = 0x7ffaa05c9120 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 416 start_va = 0x1aad0000 end_va = 0x1abeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aad0000" filename = "" Region: id = 417 start_va = 0x1abe0000 end_va = 0x1abeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001abe0000" filename = "" Region: id = 418 start_va = 0x1ad60000 end_va = 0x1ad6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad60000" filename = "" Region: id = 419 start_va = 0x520000 end_va = 0x521fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 420 start_va = 0x530000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 421 start_va = 0x7ffa83600000 end_va = 0x7ffa83732fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Configuration\\9e05584a25afa1da195dc4959a902595\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.configuration\\9e05584a25afa1da195dc4959a902595\\system.configuration.ni.dll") Region: id = 422 start_va = 0x7ffa7be50000 end_va = 0x7ffa7c6fafff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\238862161c05eb67325815002be6719c\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml\\238862161c05eb67325815002be6719c\\system.xml.ni.dll") Region: id = 423 start_va = 0x7ffaa49b0000 end_va = 0x7ffaa50e0fff monitored = 0 entry_point = 0x7ffaa4abe6e0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 424 start_va = 0x7ffaa0c60000 end_va = 0x7ffaa13e9fff monitored = 0 entry_point = 0x7ffaa0e1c050 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 425 start_va = 0x7ffaa24c0000 end_va = 0x7ffaa24eafff monitored = 0 entry_point = 0x7ffaa24c2db0 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\System32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll") Region: id = 426 start_va = 0x7ffaa3430000 end_va = 0x7ffaa34ddfff monitored = 0 entry_point = 0x7ffaa346b940 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 427 start_va = 0x530000 end_va = 0x530fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 428 start_va = 0x7ffaa29f0000 end_va = 0x7ffaa2a0efff monitored = 0 entry_point = 0x7ffaa29f8ca0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 429 start_va = 0x7ffaa2ab0000 end_va = 0x7ffaa2ad6fff monitored = 0 entry_point = 0x7ffaa2ab8690 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 430 start_va = 0x7ffaa23b0000 end_va = 0x7ffaa23c7fff monitored = 0 entry_point = 0x7ffaa23b4aa0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 431 start_va = 0x7ffaa1b70000 end_va = 0x7ffaa1ba3fff monitored = 0 entry_point = 0x7ffaa1b76e70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 432 start_va = 0x7ffaa23d0000 end_va = 0x7ffaa23dbfff monitored = 0 entry_point = 0x7ffaa23d2200 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 433 start_va = 0x1aad0000 end_va = 0x1ab7bfff monitored = 0 entry_point = 0x1ab4ff10 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1_none_4b395a7b3c8e63ab\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1_none_4b395a7b3c8e63ab\\comctl32.dll") Region: id = 434 start_va = 0x7ffa95c40000 end_va = 0x7ffa95ceffff monitored = 0 entry_point = 0x7ffa95cbff10 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1_none_4b395a7b3c8e63ab\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1_none_4b395a7b3c8e63ab\\comctl32.dll") Region: id = 435 start_va = 0x1aad0000 end_va = 0x1abcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aad0000" filename = "" Region: id = 436 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 437 start_va = 0x1aad0000 end_va = 0x1abb1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001aad0000" filename = "" Region: id = 438 start_va = 0x1abc0000 end_va = 0x1abcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001abc0000" filename = "" Region: id = 439 start_va = 0x540000 end_va = 0x543fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 440 start_va = 0x760000 end_va = 0x760fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 441 start_va = 0x770000 end_va = 0x776fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 442 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 443 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 444 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 445 start_va = 0x950000 end_va = 0x95ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000950000" filename = "" Region: id = 446 start_va = 0x960000 end_va = 0x96ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 447 start_va = 0x1f90000 end_va = 0x1f9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f90000" filename = "" Region: id = 448 start_va = 0x1ff0000 end_va = 0x1ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ff0000" filename = "" Region: id = 449 start_va = 0x1fa0000 end_va = 0x1faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 450 start_va = 0x1fb0000 end_va = 0x1fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fb0000" filename = "" Region: id = 451 start_va = 0x1fc0000 end_va = 0x1fcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fc0000" filename = "" Region: id = 452 start_va = 0x1fd0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fd0000" filename = "" Region: id = 453 start_va = 0x1fe0000 end_va = 0x1feffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fe0000" filename = "" Region: id = 454 start_va = 0x1abd0000 end_va = 0x1abdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001abd0000" filename = "" Region: id = 455 start_va = 0x1abf0000 end_va = 0x1abfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001abf0000" filename = "" Region: id = 456 start_va = 0x1ac00000 end_va = 0x1ac0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ac00000" filename = "" Region: id = 457 start_va = 0x1ac10000 end_va = 0x1ac1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ac10000" filename = "" Region: id = 458 start_va = 0x1ac20000 end_va = 0x1ac2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ac20000" filename = "" Region: id = 459 start_va = 0x7ffa86c50000 end_va = 0x7ffa86df5fff monitored = 0 entry_point = 0x7ffa86ca6b40 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.207_none_faee9ef77614c0c2\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.207_none_faee9ef77614c0c2\\gdiplus.dll") Region: id = 460 start_va = 0x1abf0000 end_va = 0x1ac6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001abf0000" filename = "" Region: id = 461 start_va = 0x780000 end_va = 0x780fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 462 start_va = 0x1ad70000 end_va = 0x1ae6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad70000" filename = "" Region: id = 463 start_va = 0x7ffa99c80000 end_va = 0x7ffa99efdfff monitored = 0 entry_point = 0x7ffa99d173a0 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\System32\\DWrite.dll" (normalized: "c:\\windows\\system32\\dwrite.dll") Region: id = 464 start_va = 0x7ffaa3b10000 end_va = 0x7ffaa3c24fff monitored = 0 entry_point = 0x7ffaa3b4eb60 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 465 start_va = 0x7ffaa3d40000 end_va = 0x7ffaa3e14fff monitored = 0 entry_point = 0x7ffaa3d5d190 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 466 start_va = 0x1ae70000 end_va = 0x1af6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae70000" filename = "" Region: id = 467 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 468 start_va = 0x1f90000 end_va = 0x1fe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-system.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat") Region: id = 469 start_va = 0x1af70000 end_va = 0x1bf6ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-fontface.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat") Region: id = 470 start_va = 0x1bf70000 end_va = 0x1c06dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arial.ttf" filename = "\\Windows\\Fonts\\arial.ttf" (normalized: "c:\\windows\\fonts\\arial.ttf") Region: id = 471 start_va = 0x1c070000 end_va = 0x1c46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c070000" filename = "" Region: id = 472 start_va = 0x1ac70000 end_va = 0x1ad1ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ariali.ttf" filename = "\\Windows\\Fonts\\ariali.ttf" (normalized: "c:\\windows\\fonts\\ariali.ttf") Region: id = 473 start_va = 0x1ac70000 end_va = 0x1ad5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialbd.ttf" filename = "\\Windows\\Fonts\\arialbd.ttf" (normalized: "c:\\windows\\fonts\\arialbd.ttf") Region: id = 474 start_va = 0x1ac70000 end_va = 0x1ad20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialbi.ttf" filename = "\\Windows\\Fonts\\arialbi.ttf" (normalized: "c:\\windows\\fonts\\arialbi.ttf") Region: id = 475 start_va = 0x1abf0000 end_va = 0x1ac18fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ariblk.ttf" filename = "\\Windows\\Fonts\\ariblk.ttf" (normalized: "c:\\windows\\fonts\\ariblk.ttf") Region: id = 476 start_va = 0x1ac60000 end_va = 0x1ac6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ac60000" filename = "" Region: id = 477 start_va = 0x1abf0000 end_va = 0x1ac4afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bahnschrift.ttf" filename = "\\Windows\\Fonts\\bahnschrift.ttf" (normalized: "c:\\windows\\fonts\\bahnschrift.ttf") Region: id = 478 start_va = 0x1abf0000 end_va = 0x1ac4afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bahnschrift.ttf" filename = "\\Windows\\Fonts\\bahnschrift.ttf" (normalized: "c:\\windows\\fonts\\bahnschrift.ttf") Region: id = 479 start_va = 0x1bf70000 end_va = 0x1c06ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf70000" filename = "" Region: id = 480 start_va = 0x1c470000 end_va = 0x1c56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c470000" filename = "" Region: id = 481 start_va = 0x7a0000 end_va = 0x7a6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 482 start_va = 0x1c570000 end_va = 0x1c702fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibri.ttf" filename = "\\Windows\\Fonts\\calibri.ttf" (normalized: "c:\\windows\\fonts\\calibri.ttf") Region: id = 483 start_va = 0x1c570000 end_va = 0x1c6cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibril.ttf" filename = "\\Windows\\Fonts\\calibril.ttf" (normalized: "c:\\windows\\fonts\\calibril.ttf") Region: id = 484 start_va = 0x1c570000 end_va = 0x1c694fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibrii.ttf" filename = "\\Windows\\Fonts\\calibrii.ttf" (normalized: "c:\\windows\\fonts\\calibrii.ttf") Region: id = 485 start_va = 0x1c570000 end_va = 0x1c673fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibrili.ttf" filename = "\\Windows\\Fonts\\calibrili.ttf" (normalized: "c:\\windows\\fonts\\calibrili.ttf") Region: id = 486 start_va = 0x1c570000 end_va = 0x1c6f9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibrib.ttf" filename = "\\Windows\\Fonts\\calibrib.ttf" (normalized: "c:\\windows\\fonts\\calibrib.ttf") Region: id = 487 start_va = 0x1c570000 end_va = 0x1c68afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibriz.ttf" filename = "\\Windows\\Fonts\\calibriz.ttf" (normalized: "c:\\windows\\fonts\\calibriz.ttf") Region: id = 488 start_va = 0x1c570000 end_va = 0x1c725fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambria.ttc" filename = "\\Windows\\Fonts\\cambria.ttc" (normalized: "c:\\windows\\fonts\\cambria.ttc") Region: id = 489 start_va = 0x1ac70000 end_va = 0x1ad49fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambriai.ttf" filename = "\\Windows\\Fonts\\cambriai.ttf" (normalized: "c:\\windows\\fonts\\cambriai.ttf") Region: id = 490 start_va = 0x1ac70000 end_va = 0x1ad3dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambriab.ttf" filename = "\\Windows\\Fonts\\cambriab.ttf" (normalized: "c:\\windows\\fonts\\cambriab.ttf") Region: id = 491 start_va = 0x1ac70000 end_va = 0x1ad41fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambriaz.ttf" filename = "\\Windows\\Fonts\\cambriaz.ttf" (normalized: "c:\\windows\\fonts\\cambriaz.ttf") Region: id = 492 start_va = 0x1c570000 end_va = 0x1c725fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambria.ttc" filename = "\\Windows\\Fonts\\cambria.ttc" (normalized: "c:\\windows\\fonts\\cambria.ttc") Region: id = 493 start_va = 0x1abf0000 end_va = 0x1ac25fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candara.ttf" filename = "\\Windows\\Fonts\\Candara.ttf" (normalized: "c:\\windows\\fonts\\candara.ttf") Region: id = 494 start_va = 0x950000 end_va = 0x96dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candaral.ttf" filename = "\\Windows\\Fonts\\Candaral.ttf" (normalized: "c:\\windows\\fonts\\candaral.ttf") Region: id = 495 start_va = 0x1abf0000 end_va = 0x1ac27fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candarai.ttf" filename = "\\Windows\\Fonts\\Candarai.ttf" (normalized: "c:\\windows\\fonts\\candarai.ttf") Region: id = 496 start_va = 0x950000 end_va = 0x96dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candarali.ttf" filename = "\\Windows\\Fonts\\Candarali.ttf" (normalized: "c:\\windows\\fonts\\candarali.ttf") Region: id = 497 start_va = 0x1abf0000 end_va = 0x1ac27fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candarab.ttf" filename = "\\Windows\\Fonts\\Candarab.ttf" (normalized: "c:\\windows\\fonts\\candarab.ttf") Region: id = 498 start_va = 0x1abf0000 end_va = 0x1ac2bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "comic.ttf" filename = "\\Windows\\Fonts\\comic.ttf" (normalized: "c:\\windows\\fonts\\comic.ttf") Region: id = 499 start_va = 0x1abf0000 end_va = 0x1ac27fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "comici.ttf" filename = "\\Windows\\Fonts\\comici.ttf" (normalized: "c:\\windows\\fonts\\comici.ttf") Region: id = 500 start_va = 0x1abf0000 end_va = 0x1ac28fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "comicbd.ttf" filename = "\\Windows\\Fonts\\comicbd.ttf" (normalized: "c:\\windows\\fonts\\comicbd.ttf") Region: id = 501 start_va = 0x1abf0000 end_va = 0x1ac26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "comicz.ttf" filename = "\\Windows\\Fonts\\comicz.ttf" (normalized: "c:\\windows\\fonts\\comicz.ttf") Region: id = 502 start_va = 0x1ac70000 end_va = 0x1ace0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consola.ttf" filename = "\\Windows\\Fonts\\consola.ttf" (normalized: "c:\\windows\\fonts\\consola.ttf") Region: id = 503 start_va = 0x1ac70000 end_va = 0x1ace2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consolai.ttf" filename = "\\Windows\\Fonts\\consolai.ttf" (normalized: "c:\\windows\\fonts\\consolai.ttf") Region: id = 504 start_va = 0x1abf0000 end_va = 0x1ac51fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consolab.ttf" filename = "\\Windows\\Fonts\\consolab.ttf" (normalized: "c:\\windows\\fonts\\consolab.ttf") Region: id = 505 start_va = 0x1abf0000 end_va = 0x1ac53fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consolaz.ttf" filename = "\\Windows\\Fonts\\consolaz.ttf" (normalized: "c:\\windows\\fonts\\consolaz.ttf") Region: id = 506 start_va = 0x1abf0000 end_va = 0x1ac5dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "constan.ttf" filename = "\\Windows\\Fonts\\constan.ttf" (normalized: "c:\\windows\\fonts\\constan.ttf") Region: id = 507 start_va = 0x1abf0000 end_va = 0x1ac5efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "constanb.ttf" filename = "\\Windows\\Fonts\\constanb.ttf" (normalized: "c:\\windows\\fonts\\constanb.ttf") Region: id = 508 start_va = 0x1abf0000 end_va = 0x1ac5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "constanz.ttf" filename = "\\Windows\\Fonts\\constanz.ttf" (normalized: "c:\\windows\\fonts\\constanz.ttf") Region: id = 509 start_va = 0x1abf0000 end_va = 0x1ac33fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbel.ttf" filename = "\\Windows\\Fonts\\corbel.ttf" (normalized: "c:\\windows\\fonts\\corbel.ttf") Region: id = 510 start_va = 0x1abf0000 end_va = 0x1ac1afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbell.ttf" filename = "\\Windows\\Fonts\\corbell.ttf" (normalized: "c:\\windows\\fonts\\corbell.ttf") Region: id = 511 start_va = 0x1abf0000 end_va = 0x1ac35fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbeli.ttf" filename = "\\Windows\\Fonts\\corbeli.ttf" (normalized: "c:\\windows\\fonts\\corbeli.ttf") Region: id = 512 start_va = 0x1abf0000 end_va = 0x1ac19fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbelli.ttf" filename = "\\Windows\\Fonts\\corbelli.ttf" (normalized: "c:\\windows\\fonts\\corbelli.ttf") Region: id = 513 start_va = 0x1abf0000 end_va = 0x1ac37fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbelb.ttf" filename = "\\Windows\\Fonts\\corbelb.ttf" (normalized: "c:\\windows\\fonts\\corbelb.ttf") Region: id = 514 start_va = 0x1ac70000 end_va = 0x1ad34fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cour.ttf" filename = "\\Windows\\Fonts\\cour.ttf" (normalized: "c:\\windows\\fonts\\cour.ttf") Region: id = 515 start_va = 0x1ac70000 end_va = 0x1ad12fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "couri.ttf" filename = "\\Windows\\Fonts\\couri.ttf" (normalized: "c:\\windows\\fonts\\couri.ttf") Region: id = 516 start_va = 0x1ac70000 end_va = 0x1ad34fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "courbd.ttf" filename = "\\Windows\\Fonts\\courbd.ttf" (normalized: "c:\\windows\\fonts\\courbd.ttf") Region: id = 517 start_va = 0x1ac70000 end_va = 0x1acfcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "courbi.ttf" filename = "\\Windows\\Fonts\\courbi.ttf" (normalized: "c:\\windows\\fonts\\courbi.ttf") Region: id = 518 start_va = 0x1ac70000 end_va = 0x1ad4dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ebrima.ttf" filename = "\\Windows\\Fonts\\ebrima.ttf" (normalized: "c:\\windows\\fonts\\ebrima.ttf") Region: id = 519 start_va = 0x1ac70000 end_va = 0x1ad4ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ebrimabd.ttf" filename = "\\Windows\\Fonts\\ebrimabd.ttf" (normalized: "c:\\windows\\fonts\\ebrimabd.ttf") Region: id = 520 start_va = 0x1abf0000 end_va = 0x1ac10fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "framd.ttf" filename = "\\Windows\\Fonts\\framd.ttf" (normalized: "c:\\windows\\fonts\\framd.ttf") Region: id = 521 start_va = 0x1abf0000 end_va = 0x1ac14fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "framdit.ttf" filename = "\\Windows\\Fonts\\framdit.ttf" (normalized: "c:\\windows\\fonts\\framdit.ttf") Region: id = 522 start_va = 0x1c570000 end_va = 0x1c728fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gabriola.ttf" filename = "\\Windows\\Fonts\\Gabriola.ttf" (normalized: "c:\\windows\\fonts\\gabriola.ttf") Region: id = 523 start_va = 0x1abf0000 end_va = 0x1ac2cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gadugi.ttf" filename = "\\Windows\\Fonts\\gadugi.ttf" (normalized: "c:\\windows\\fonts\\gadugi.ttf") Region: id = 524 start_va = 0x1abf0000 end_va = 0x1ac2bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gadugib.ttf" filename = "\\Windows\\Fonts\\gadugib.ttf" (normalized: "c:\\windows\\fonts\\gadugib.ttf") Region: id = 525 start_va = 0x1abf0000 end_va = 0x1ac25fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "georgia.ttf" filename = "\\Windows\\Fonts\\georgia.ttf" (normalized: "c:\\windows\\fonts\\georgia.ttf") Region: id = 526 start_va = 0x1abf0000 end_va = 0x1ac22fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "georgiai.ttf" filename = "\\Windows\\Fonts\\georgiai.ttf" (normalized: "c:\\windows\\fonts\\georgiai.ttf") Region: id = 527 start_va = 0x1abf0000 end_va = 0x1ac23fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "georgiaz.ttf" filename = "\\Windows\\Fonts\\georgiaz.ttf" (normalized: "c:\\windows\\fonts\\georgiaz.ttf") Region: id = 528 start_va = 0x1abf0000 end_va = 0x1ac22fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "impact.ttf" filename = "\\Windows\\Fonts\\impact.ttf" (normalized: "c:\\windows\\fonts\\impact.ttf") Region: id = 529 start_va = 0x950000 end_va = 0x95afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "inkfree.ttf" filename = "\\Windows\\Fonts\\Inkfree.ttf" (normalized: "c:\\windows\\fonts\\inkfree.ttf") Region: id = 530 start_va = 0x1abf0000 end_va = 0x1ac3afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "javatext.ttf" filename = "\\Windows\\Fonts\\javatext.ttf" (normalized: "c:\\windows\\fonts\\javatext.ttf") Region: id = 531 start_va = 0x1abf0000 end_va = 0x1ac50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "leelawui.ttf" filename = "\\Windows\\Fonts\\LeelawUI.ttf" (normalized: "c:\\windows\\fonts\\leelawui.ttf") Region: id = 532 start_va = 0x1abf0000 end_va = 0x1ac4efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "leeluisl.ttf" filename = "\\Windows\\Fonts\\LeelUIsl.ttf" (normalized: "c:\\windows\\fonts\\leeluisl.ttf") Region: id = 533 start_va = 0x1abf0000 end_va = 0x1ac3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "leelauib.ttf" filename = "\\Windows\\Fonts\\LeelaUIb.ttf" (normalized: "c:\\windows\\fonts\\leelauib.ttf") Region: id = 534 start_va = 0x950000 end_va = 0x96bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lucon.ttf" filename = "\\Windows\\Fonts\\lucon.ttf" (normalized: "c:\\windows\\fonts\\lucon.ttf") Region: id = 535 start_va = 0x1abf0000 end_va = 0x1ac3bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "l_10646.ttf" filename = "\\Windows\\Fonts\\l_10646.ttf" (normalized: "c:\\windows\\fonts\\l_10646.ttf") Region: id = 536 start_va = 0x1c570000 end_va = 0x1d245fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "malgun.ttf" filename = "\\Windows\\Fonts\\malgun.ttf" (normalized: "c:\\windows\\fonts\\malgun.ttf") Region: id = 537 start_va = 0x1c570000 end_va = 0x1ca49fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "malgunsl.ttf" filename = "\\Windows\\Fonts\\malgunsl.ttf" (normalized: "c:\\windows\\fonts\\malgunsl.ttf") Region: id = 538 start_va = 0x1c570000 end_va = 0x1d173fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "malgunbd.ttf" filename = "\\Windows\\Fonts\\malgunbd.ttf" (normalized: "c:\\windows\\fonts\\malgunbd.ttf") Region: id = 539 start_va = 0x1ac70000 end_va = 0x1acfbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "himalaya.ttf" filename = "\\Windows\\Fonts\\himalaya.ttf" (normalized: "c:\\windows\\fonts\\himalaya.ttf") Region: id = 540 start_va = 0x1c570000 end_va = 0x1d9d9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjh.ttc" filename = "\\Windows\\Fonts\\msjh.ttc" (normalized: "c:\\windows\\fonts\\msjh.ttc") Region: id = 541 start_va = 0x1c570000 end_va = 0x1d1b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjhl.ttc" filename = "\\Windows\\Fonts\\msjhl.ttc" (normalized: "c:\\windows\\fonts\\msjhl.ttc") Region: id = 542 start_va = 0x1c570000 end_va = 0x1d335fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjhbd.ttc" filename = "\\Windows\\Fonts\\msjhbd.ttc" (normalized: "c:\\windows\\fonts\\msjhbd.ttc") Region: id = 543 start_va = 0x1c570000 end_va = 0x1d9d9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjh.ttc" filename = "\\Windows\\Fonts\\msjh.ttc" (normalized: "c:\\windows\\fonts\\msjh.ttc") Region: id = 544 start_va = 0x1c570000 end_va = 0x1d1b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjhl.ttc" filename = "\\Windows\\Fonts\\msjhl.ttc" (normalized: "c:\\windows\\fonts\\msjhl.ttc") Region: id = 545 start_va = 0x1c570000 end_va = 0x1d335fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjhbd.ttc" filename = "\\Windows\\Fonts\\msjhbd.ttc" (normalized: "c:\\windows\\fonts\\msjhbd.ttc") Region: id = 546 start_va = 0x950000 end_va = 0x962fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntailu.ttf" filename = "\\Windows\\Fonts\\ntailu.ttf" (normalized: "c:\\windows\\fonts\\ntailu.ttf") Region: id = 547 start_va = 0x950000 end_va = 0x960fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntailub.ttf" filename = "\\Windows\\Fonts\\ntailub.ttf" (normalized: "c:\\windows\\fonts\\ntailub.ttf") Region: id = 548 start_va = 0x950000 end_va = 0x966fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "phagspa.ttf" filename = "\\Windows\\Fonts\\phagspa.ttf" (normalized: "c:\\windows\\fonts\\phagspa.ttf") Region: id = 549 start_va = 0x950000 end_va = 0x967fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "phagspab.ttf" filename = "\\Windows\\Fonts\\phagspab.ttf" (normalized: "c:\\windows\\fonts\\phagspab.ttf") Region: id = 550 start_va = 0x1ac70000 end_va = 0x1ad45fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "micross.ttf" filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf") Region: id = 551 start_va = 0x950000 end_va = 0x960fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taile.ttf" filename = "\\Windows\\Fonts\\taile.ttf" (normalized: "c:\\windows\\fonts\\taile.ttf") Region: id = 552 start_va = 0x950000 end_va = 0x95efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taileb.ttf" filename = "\\Windows\\Fonts\\taileb.ttf" (normalized: "c:\\windows\\fonts\\taileb.ttf") Region: id = 553 start_va = 0x1c570000 end_va = 0x1d82cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyh.ttc" filename = "\\Windows\\Fonts\\msyh.ttc" (normalized: "c:\\windows\\fonts\\msyh.ttc") Region: id = 554 start_va = 0x1c570000 end_va = 0x1d103fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyhl.ttc" filename = "\\Windows\\Fonts\\msyhl.ttc" (normalized: "c:\\windows\\fonts\\msyhl.ttc") Region: id = 555 start_va = 0x1c570000 end_va = 0x1d57cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyhbd.ttc" filename = "\\Windows\\Fonts\\msyhbd.ttc" (normalized: "c:\\windows\\fonts\\msyhbd.ttc") Region: id = 556 start_va = 0x1c570000 end_va = 0x1d82cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyh.ttc" filename = "\\Windows\\Fonts\\msyh.ttc" (normalized: "c:\\windows\\fonts\\msyh.ttc") Region: id = 557 start_va = 0x1c570000 end_va = 0x1d103fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyhl.ttc" filename = "\\Windows\\Fonts\\msyhl.ttc" (normalized: "c:\\windows\\fonts\\msyhl.ttc") Region: id = 558 start_va = 0x1c570000 end_va = 0x1d57cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyhbd.ttc" filename = "\\Windows\\Fonts\\msyhbd.ttc" (normalized: "c:\\windows\\fonts\\msyhbd.ttc") Region: id = 559 start_va = 0x1abf0000 end_va = 0x1ac39fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyi.ttf" filename = "\\Windows\\Fonts\\msyi.ttf" (normalized: "c:\\windows\\fonts\\msyi.ttf") Region: id = 560 start_va = 0x1c570000 end_va = 0x1e885fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mingliub.ttc" filename = "\\Windows\\Fonts\\mingliub.ttc" (normalized: "c:\\windows\\fonts\\mingliub.ttc") Region: id = 561 start_va = 0x1abf0000 end_va = 0x1ac36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "monbaiti.ttf" filename = "\\Windows\\Fonts\\monbaiti.ttf" (normalized: "c:\\windows\\fonts\\monbaiti.ttf") Region: id = 562 start_va = 0x1c570000 end_va = 0x1ce02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msgothic.ttc" filename = "\\Windows\\Fonts\\msgothic.ttc" (normalized: "c:\\windows\\fonts\\msgothic.ttc") Region: id = 563 start_va = 0x950000 end_va = 0x963fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mvboli.ttf" filename = "\\Windows\\Fonts\\mvboli.ttf" (normalized: "c:\\windows\\fonts\\mvboli.ttf") Region: id = 564 start_va = 0x1abf0000 end_va = 0x1ac46fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mmrtext.ttf" filename = "\\Windows\\Fonts\\mmrtext.ttf" (normalized: "c:\\windows\\fonts\\mmrtext.ttf") Region: id = 565 start_va = 0x1abf0000 end_va = 0x1ac41fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mmrtextb.ttf" filename = "\\Windows\\Fonts\\mmrtextb.ttf" (normalized: "c:\\windows\\fonts\\mmrtextb.ttf") Region: id = 566 start_va = 0x1c570000 end_va = 0x1c6e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nirmala.ttf" filename = "\\Windows\\Fonts\\Nirmala.ttf" (normalized: "c:\\windows\\fonts\\nirmala.ttf") Region: id = 567 start_va = 0x1c570000 end_va = 0x1c6ebfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nirmalas.ttf" filename = "\\Windows\\Fonts\\NirmalaS.ttf" (normalized: "c:\\windows\\fonts\\nirmalas.ttf") Region: id = 568 start_va = 0x1c570000 end_va = 0x1c6d7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nirmalab.ttf" filename = "\\Windows\\Fonts\\NirmalaB.ttf" (normalized: "c:\\windows\\fonts\\nirmalab.ttf") Region: id = 569 start_va = 0x1ac70000 end_va = 0x1ace3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pala.ttf" filename = "\\Windows\\Fonts\\pala.ttf" (normalized: "c:\\windows\\fonts\\pala.ttf") Region: id = 570 start_va = 0x1abf0000 end_va = 0x1ac55fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "palai.ttf" filename = "\\Windows\\Fonts\\palai.ttf" (normalized: "c:\\windows\\fonts\\palai.ttf") Region: id = 571 start_va = 0x1abf0000 end_va = 0x1ac56fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "palab.ttf" filename = "\\Windows\\Fonts\\palab.ttf" (normalized: "c:\\windows\\fonts\\palab.ttf") Region: id = 572 start_va = 0x1abf0000 end_va = 0x1ac41fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "palabi.ttf" filename = "\\Windows\\Fonts\\palabi.ttf" (normalized: "c:\\windows\\fonts\\palabi.ttf") Region: id = 573 start_va = 0x1abf0000 end_va = 0x1ac19fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoepr.ttf" filename = "\\Windows\\Fonts\\segoepr.ttf" (normalized: "c:\\windows\\fonts\\segoepr.ttf") Region: id = 574 start_va = 0x1abf0000 end_va = 0x1ac18fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeprb.ttf" filename = "\\Windows\\Fonts\\segoeprb.ttf" (normalized: "c:\\windows\\fonts\\segoeprb.ttf") Region: id = 575 start_va = 0x1ac70000 end_va = 0x1ad01fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoesc.ttf" filename = "\\Windows\\Fonts\\segoesc.ttf" (normalized: "c:\\windows\\fonts\\segoesc.ttf") Region: id = 576 start_va = 0x1ac70000 end_va = 0x1acfdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoescb.ttf" filename = "\\Windows\\Fonts\\segoescb.ttf" (normalized: "c:\\windows\\fonts\\segoescb.ttf") Region: id = 577 start_va = 0x1c570000 end_va = 0x1c6c5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "seguihis.ttf" filename = "\\Windows\\Fonts\\seguihis.ttf" (normalized: "c:\\windows\\fonts\\seguihis.ttf") Region: id = 578 start_va = 0x1c570000 end_va = 0x1d6cefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simsun.ttc" filename = "\\Windows\\Fonts\\simsun.ttc" (normalized: "c:\\windows\\fonts\\simsun.ttc") Region: id = 579 start_va = 0x1c570000 end_va = 0x1d5b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simsunb.ttf" filename = "\\Windows\\Fonts\\simsunb.ttf" (normalized: "c:\\windows\\fonts\\simsunb.ttf") Region: id = 580 start_va = 0x1ac70000 end_va = 0x1ad56fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sitka.ttc" filename = "\\Windows\\Fonts\\Sitka.ttc" (normalized: "c:\\windows\\fonts\\sitka.ttc") Region: id = 581 start_va = 0x1c570000 end_va = 0x1c661fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sitkai.ttc" filename = "\\Windows\\Fonts\\SitkaI.ttc" (normalized: "c:\\windows\\fonts\\sitkai.ttc") Region: id = 582 start_va = 0x1ac70000 end_va = 0x1ad54fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sitkab.ttc" filename = "\\Windows\\Fonts\\SitkaB.ttc" (normalized: "c:\\windows\\fonts\\sitkab.ttc") Region: id = 583 start_va = 0x1ac70000 end_va = 0x1ad5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sitkaz.ttc" filename = "\\Windows\\Fonts\\SitkaZ.ttc" (normalized: "c:\\windows\\fonts\\sitkaz.ttc") Region: id = 584 start_va = 0x1ac70000 end_va = 0x1ad56fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sitka.ttc" filename = "\\Windows\\Fonts\\Sitka.ttc" (normalized: "c:\\windows\\fonts\\sitka.ttc") Region: id = 585 start_va = 0x1c570000 end_va = 0x1c661fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sitkai.ttc" filename = "\\Windows\\Fonts\\SitkaI.ttc" (normalized: "c:\\windows\\fonts\\sitkai.ttc") Region: id = 586 start_va = 0x1ac70000 end_va = 0x1ad54fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sitkab.ttc" filename = "\\Windows\\Fonts\\SitkaB.ttc" (normalized: "c:\\windows\\fonts\\sitkab.ttc") Region: id = 587 start_va = 0x1ac70000 end_va = 0x1ad5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sitkaz.ttc" filename = "\\Windows\\Fonts\\SitkaZ.ttc" (normalized: "c:\\windows\\fonts\\sitkaz.ttc") Region: id = 588 start_va = 0x1ac70000 end_va = 0x1ad56fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sitka.ttc" filename = "\\Windows\\Fonts\\Sitka.ttc" (normalized: "c:\\windows\\fonts\\sitka.ttc") Region: id = 589 start_va = 0x1c570000 end_va = 0x1c661fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sitkai.ttc" filename = "\\Windows\\Fonts\\SitkaI.ttc" (normalized: "c:\\windows\\fonts\\sitkai.ttc") Region: id = 590 start_va = 0x1ac70000 end_va = 0x1ad54fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sitkab.ttc" filename = "\\Windows\\Fonts\\SitkaB.ttc" (normalized: "c:\\windows\\fonts\\sitkab.ttc") Region: id = 591 start_va = 0x1ac70000 end_va = 0x1ad5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sitkaz.ttc" filename = "\\Windows\\Fonts\\SitkaZ.ttc" (normalized: "c:\\windows\\fonts\\sitkaz.ttc") Region: id = 592 start_va = 0x1ac70000 end_va = 0x1ad56fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sitka.ttc" filename = "\\Windows\\Fonts\\Sitka.ttc" (normalized: "c:\\windows\\fonts\\sitka.ttc") Region: id = 593 start_va = 0x1c570000 end_va = 0x1c661fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sitkai.ttc" filename = "\\Windows\\Fonts\\SitkaI.ttc" (normalized: "c:\\windows\\fonts\\sitkai.ttc") Region: id = 594 start_va = 0x1ac70000 end_va = 0x1ad54fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sitkab.ttc" filename = "\\Windows\\Fonts\\SitkaB.ttc" (normalized: "c:\\windows\\fonts\\sitkab.ttc") Region: id = 595 start_va = 0x1ac70000 end_va = 0x1ad5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sitkaz.ttc" filename = "\\Windows\\Fonts\\SitkaZ.ttc" (normalized: "c:\\windows\\fonts\\sitkaz.ttc") Region: id = 596 start_va = 0x1ac70000 end_va = 0x1ad56fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sitka.ttc" filename = "\\Windows\\Fonts\\Sitka.ttc" (normalized: "c:\\windows\\fonts\\sitka.ttc") Region: id = 597 start_va = 0x1c570000 end_va = 0x1c661fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sitkai.ttc" filename = "\\Windows\\Fonts\\SitkaI.ttc" (normalized: "c:\\windows\\fonts\\sitkai.ttc") Region: id = 598 start_va = 0x1ac70000 end_va = 0x1ad54fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sitkab.ttc" filename = "\\Windows\\Fonts\\SitkaB.ttc" (normalized: "c:\\windows\\fonts\\sitkab.ttc") Region: id = 599 start_va = 0x1ac70000 end_va = 0x1ad5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sitkaz.ttc" filename = "\\Windows\\Fonts\\SitkaZ.ttc" (normalized: "c:\\windows\\fonts\\sitkaz.ttc") Region: id = 600 start_va = 0x1ac70000 end_va = 0x1ad56fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sitka.ttc" filename = "\\Windows\\Fonts\\Sitka.ttc" (normalized: "c:\\windows\\fonts\\sitka.ttc") Region: id = 601 start_va = 0x1c570000 end_va = 0x1c661fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sitkai.ttc" filename = "\\Windows\\Fonts\\SitkaI.ttc" (normalized: "c:\\windows\\fonts\\sitkai.ttc") Region: id = 602 start_va = 0x1c570000 end_va = 0x1c66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c570000" filename = "" Region: id = 603 start_va = 0x1ac70000 end_va = 0x1ad54fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sitkab.ttc" filename = "\\Windows\\Fonts\\SitkaB.ttc" (normalized: "c:\\windows\\fonts\\sitkab.ttc") Region: id = 604 start_va = 0x1ac70000 end_va = 0x1ad5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sitkaz.ttc" filename = "\\Windows\\Fonts\\SitkaZ.ttc" (normalized: "c:\\windows\\fonts\\sitkaz.ttc") Region: id = 605 start_va = 0x1abf0000 end_va = 0x1ac2efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sylfaen.ttf" filename = "\\Windows\\Fonts\\sylfaen.ttf" (normalized: "c:\\windows\\fonts\\sylfaen.ttf") Region: id = 606 start_va = 0x950000 end_va = 0x960fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "symbol.ttf" filename = "\\Windows\\Fonts\\symbol.ttf" (normalized: "c:\\windows\\fonts\\symbol.ttf") Region: id = 607 start_va = 0x1ac70000 end_va = 0x1ad55fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tahoma.ttf" filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf") Region: id = 608 start_va = 0x1ac70000 end_va = 0x1ad43fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tahomabd.ttf" filename = "\\Windows\\Fonts\\tahomabd.ttf" (normalized: "c:\\windows\\fonts\\tahomabd.ttf") Region: id = 609 start_va = 0x1abf0000 end_va = 0x1ac2efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trebuc.ttf" filename = "\\Windows\\Fonts\\trebuc.ttf" (normalized: "c:\\windows\\fonts\\trebuc.ttf") Region: id = 610 start_va = 0x1abf0000 end_va = 0x1ac2dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trebucit.ttf" filename = "\\Windows\\Fonts\\trebucit.ttf" (normalized: "c:\\windows\\fonts\\trebucit.ttf") Region: id = 611 start_va = 0x1abf0000 end_va = 0x1ac2bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trebucbd.ttf" filename = "\\Windows\\Fonts\\trebucbd.ttf" (normalized: "c:\\windows\\fonts\\trebucbd.ttf") Region: id = 612 start_va = 0x1abf0000 end_va = 0x1ac27fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trebucbi.ttf" filename = "\\Windows\\Fonts\\trebucbi.ttf" (normalized: "c:\\windows\\fonts\\trebucbi.ttf") Region: id = 613 start_va = 0x1abf0000 end_va = 0x1ac2bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "verdana.ttf" filename = "\\Windows\\Fonts\\verdana.ttf" (normalized: "c:\\windows\\fonts\\verdana.ttf") Region: id = 614 start_va = 0x1abf0000 end_va = 0x1ac26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "verdanai.ttf" filename = "\\Windows\\Fonts\\verdanai.ttf" (normalized: "c:\\windows\\fonts\\verdanai.ttf") Region: id = 615 start_va = 0x1abf0000 end_va = 0x1ac23fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "verdanab.ttf" filename = "\\Windows\\Fonts\\verdanab.ttf" (normalized: "c:\\windows\\fonts\\verdanab.ttf") Region: id = 616 start_va = 0x1abf0000 end_va = 0x1ac28fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "verdanaz.ttf" filename = "\\Windows\\Fonts\\verdanaz.ttf" (normalized: "c:\\windows\\fonts\\verdanaz.ttf") Region: id = 617 start_va = 0x950000 end_va = 0x96dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "webdings.ttf" filename = "\\Windows\\Fonts\\webdings.ttf" (normalized: "c:\\windows\\fonts\\webdings.ttf") Region: id = 618 start_va = 0x950000 end_va = 0x964fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wingding.ttf" filename = "\\Windows\\Fonts\\wingding.ttf" (normalized: "c:\\windows\\fonts\\wingding.ttf") Region: id = 619 start_va = 0x1c670000 end_va = 0x1d37afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "yugothr.ttc" filename = "\\Windows\\Fonts\\YuGothR.ttc" (normalized: "c:\\windows\\fonts\\yugothr.ttc") Region: id = 620 start_va = 0x1c670000 end_va = 0x1d38bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "yugothm.ttc" filename = "\\Windows\\Fonts\\YuGothM.ttc" (normalized: "c:\\windows\\fonts\\yugothm.ttc") Region: id = 621 start_va = 0x1c670000 end_va = 0x1d39afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "yugothl.ttc" filename = "\\Windows\\Fonts\\YuGothL.ttc" (normalized: "c:\\windows\\fonts\\yugothl.ttc") Region: id = 622 start_va = 0x1c670000 end_va = 0x1d449fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "yugothb.ttc" filename = "\\Windows\\Fonts\\YuGothB.ttc" (normalized: "c:\\windows\\fonts\\yugothb.ttc") Region: id = 623 start_va = 0x1c670000 end_va = 0x1d38bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "yugothm.ttc" filename = "\\Windows\\Fonts\\YuGothM.ttc" (normalized: "c:\\windows\\fonts\\yugothm.ttc") Region: id = 624 start_va = 0x1c670000 end_va = 0x1d37afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "yugothr.ttc" filename = "\\Windows\\Fonts\\YuGothR.ttc" (normalized: "c:\\windows\\fonts\\yugothr.ttc") Region: id = 625 start_va = 0x1c670000 end_va = 0x1d39afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "yugothl.ttc" filename = "\\Windows\\Fonts\\YuGothL.ttc" (normalized: "c:\\windows\\fonts\\yugothl.ttc") Region: id = 626 start_va = 0x1c670000 end_va = 0x1d449fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "yugothb.ttc" filename = "\\Windows\\Fonts\\YuGothB.ttc" (normalized: "c:\\windows\\fonts\\yugothb.ttc") Region: id = 627 start_va = 0x1c670000 end_va = 0x1d449fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "yugothb.ttc" filename = "\\Windows\\Fonts\\YuGothB.ttc" (normalized: "c:\\windows\\fonts\\yugothb.ttc") Region: id = 628 start_va = 0x950000 end_va = 0x959fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "holomdl2.ttf" filename = "\\Windows\\Fonts\\holomdl2.ttf" (normalized: "c:\\windows\\fonts\\holomdl2.ttf") Region: id = 629 start_va = 0x950000 end_va = 0x956fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "marlett.ttf" filename = "\\Windows\\Fonts\\marlett.ttf" (normalized: "c:\\windows\\fonts\\marlett.ttf") Region: id = 630 start_va = 0x1c670000 end_va = 0x1cb61fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001c670000" filename = "" Region: id = 631 start_va = 0x1ac70000 end_va = 0x1ad45fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "micross.ttf" filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf") Region: id = 632 start_va = 0x7ffa21140000 end_va = 0x7ffa2114ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa21140000" filename = "" Region: id = 633 start_va = 0x1cb70000 end_va = 0x1cc6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001cb70000" filename = "" Region: id = 634 start_va = 0x1abf0000 end_va = 0x1ac51fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscorrc.dll") Region: id = 635 start_va = 0x950000 end_va = 0x95ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000950000" filename = "" Region: id = 636 start_va = 0x7ffa9dc90000 end_va = 0x7ffa9de43fff monitored = 0 entry_point = 0x7ffa9dd068b0 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 637 start_va = 0x960000 end_va = 0x96ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 638 start_va = 0x1cc70000 end_va = 0x1cc9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001cc70000" filename = "" Region: id = 639 start_va = 0x1cc70000 end_va = 0x1cc7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001cc70000" filename = "" Region: id = 640 start_va = 0x1cc80000 end_va = 0x1cc8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001cc80000" filename = "" Region: id = 641 start_va = 0x1cc90000 end_va = 0x1cc9ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001cc90000" filename = "" Region: id = 642 start_va = 0x1cca0000 end_va = 0x1defffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 643 start_va = 0x1df00000 end_va = 0x1dffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001df00000" filename = "" Region: id = 644 start_va = 0x7ffa99020000 end_va = 0x7ffa990cdfff monitored = 0 entry_point = 0x7ffa9906b570 region_type = mapped_file name = "textshaping.dll" filename = "\\Windows\\System32\\TextShaping.dll" (normalized: "c:\\windows\\system32\\textshaping.dll") Region: id = 645 start_va = 0x1abd0000 end_va = 0x1abd4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 646 start_va = 0x1ad50000 end_va = 0x1ad50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001ad50000" filename = "" Region: id = 647 start_va = 0x1e000000 end_va = 0x1e0fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001e000000" filename = "" Region: id = 648 start_va = 0x7ffa9b7d0000 end_va = 0x7ffa9b8cbfff monitored = 0 entry_point = 0x7ffa9b80ae50 region_type = mapped_file name = "textinputframework.dll" filename = "\\Windows\\System32\\TextInputFramework.dll" (normalized: "c:\\windows\\system32\\textinputframework.dll") Region: id = 649 start_va = 0x7ffa9ff40000 end_va = 0x7ffaa0299fff monitored = 0 entry_point = 0x7ffa9ffc2d50 region_type = mapped_file name = "coreuicomponents.dll" filename = "\\Windows\\System32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll") Region: id = 650 start_va = 0x7ffaa02a0000 end_va = 0x7ffaa0391fff monitored = 0 entry_point = 0x7ffaa02f70f0 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 651 start_va = 0x7ffaa4790000 end_va = 0x7ffaa47fafff monitored = 0 entry_point = 0x7ffaa47a4300 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 652 start_va = 0x7ffaa1940000 end_va = 0x7ffaa1972fff monitored = 0 entry_point = 0x7ffaa1946930 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 653 start_va = 0x7ffa9f870000 end_va = 0x7ffa9f9c5fff monitored = 0 entry_point = 0x7ffa9f89b240 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 654 start_va = 0x7ffa90990000 end_va = 0x7ffa90c29fff monitored = 0 entry_point = 0x7ffa90a296c0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_b555e41d4684ddec\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_b555e41d4684ddec\\comctl32.dll") Region: id = 655 start_va = 0x1ad50000 end_va = 0x1ad50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 656 start_va = 0x1e100000 end_va = 0x1e101fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001e100000" filename = "" Region: id = 657 start_va = 0x1ad50000 end_va = 0x1ad56fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad50000" filename = "" Region: id = 658 start_va = 0x1e110000 end_va = 0x1e20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001e110000" filename = "" Region: id = 659 start_va = 0x1e210000 end_va = 0x1e30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001e210000" filename = "" Region: id = 660 start_va = 0x7ffa9f4e0000 end_va = 0x7ffa9f5d4fff monitored = 0 entry_point = 0x7ffa9f522860 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 661 start_va = 0x7ffa99f00000 end_va = 0x7ffa9a0ecfff monitored = 0 entry_point = 0x7ffa99f7ea20 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 662 start_va = 0x7ffa9a2a0000 end_va = 0x7ffa9a54dfff monitored = 0 entry_point = 0x7ffa9a2d69a0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 663 start_va = 0x1e310000 end_va = 0x1e310fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001e310000" filename = "" Region: id = 664 start_va = 0x7ffaa50f0000 end_va = 0x7ffaa5197fff monitored = 0 entry_point = 0x7ffaa510d990 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 665 start_va = 0x1e320000 end_va = 0x1e320fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001e320000" filename = "" Region: id = 666 start_va = 0x1e330000 end_va = 0x1e474fff monitored = 0 entry_point = 0x1e38a9b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 667 start_va = 0x1e330000 end_va = 0x1e42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001e330000" filename = "" Region: id = 668 start_va = 0x7ffa939a0000 end_va = 0x7ffa939bcfff monitored = 0 entry_point = 0x7ffa939a6080 region_type = mapped_file name = "windows.shell.servicehostbuilder.dll" filename = "\\Windows\\System32\\Windows.Shell.ServiceHostBuilder.dll" (normalized: "c:\\windows\\system32\\windows.shell.servicehostbuilder.dll") Region: id = 793 start_va = 0x7ffa9d360000 end_va = 0x7ffa9daf0fff monitored = 0 entry_point = 0x7ffa9d375f30 region_type = mapped_file name = "onecoreuapcommonproxystub.dll" filename = "\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll" (normalized: "c:\\windows\\system32\\onecoreuapcommonproxystub.dll") Region: id = 795 start_va = 0x1e430000 end_va = 0x1eb79fff monitored = 0 entry_point = 0x1e54b240 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll") Region: id = 796 start_va = 0x1eb80000 end_va = 0x1ed2afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ieframe.dll.mui" filename = "\\Windows\\System32\\en-US\\ieframe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\ieframe.dll.mui") Region: id = 797 start_va = 0x7ffa83a50000 end_va = 0x7ffa84199fff monitored = 0 entry_point = 0x7ffa83b6b240 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll") Region: id = 798 start_va = 0x7ffa86e10000 end_va = 0x7ffa86e27fff monitored = 0 entry_point = 0x7ffa86e11360 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 799 start_va = 0x7ffaa2970000 end_va = 0x7ffaa299dfff monitored = 0 entry_point = 0x7ffaa2974f10 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 800 start_va = 0x7ffa988b0000 end_va = 0x7ffa989b1fff monitored = 0 entry_point = 0x7ffa988f57d0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 801 start_va = 0x7ffaa1ca0000 end_va = 0x7ffaa1cb6fff monitored = 0 entry_point = 0x7ffaa1ca1d60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 802 start_va = 0x7ffaa1f10000 end_va = 0x7ffaa1f1bfff monitored = 0 entry_point = 0x7ffaa1f11ce0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 803 start_va = 0x1e430000 end_va = 0x1e431fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001e430000" filename = "" Region: id = 804 start_va = 0x1e440000 end_va = 0x1e4a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shell32.dll.mui" filename = "\\Windows\\System32\\en-US\\shell32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\shell32.dll.mui") Region: id = 805 start_va = 0x1e4b0000 end_va = 0x1e5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001e4b0000" filename = "" Region: id = 806 start_va = 0x1e5b0000 end_va = 0x1e5b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001e5b0000" filename = "" Region: id = 807 start_va = 0x7ffa97250000 end_va = 0x7ffa97395fff monitored = 0 entry_point = 0x7ffa97257620 region_type = mapped_file name = "windows.staterepositoryps.dll" filename = "\\Windows\\System32\\Windows.StateRepositoryPS.dll" (normalized: "c:\\windows\\system32\\windows.staterepositoryps.dll") Region: id = 882 start_va = 0x1e5c0000 end_va = 0x1e5c7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windows.storage.dll.mui" filename = "\\Windows\\System32\\en-US\\windows.storage.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\windows.storage.dll.mui") Region: id = 883 start_va = 0x1e5d0000 end_va = 0x1e5d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001e5d0000" filename = "" Region: id = 884 start_va = 0x7ffa8f800000 end_va = 0x7ffa8f823fff monitored = 0 entry_point = 0x7ffa8f801790 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\System32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll") Region: id = 885 start_va = 0x7ffa8ec20000 end_va = 0x7ffa8ec2bfff monitored = 0 entry_point = 0x7ffa8ec22560 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 886 start_va = 0x7ffaa29a0000 end_va = 0x7ffaa29d0fff monitored = 0 entry_point = 0x7ffaa29ae380 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 887 start_va = 0x7ffa86220000 end_va = 0x7ffa86261fff monitored = 0 entry_point = 0x7ffa86226d40 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\System32\\mlang.dll" (normalized: "c:\\windows\\system32\\mlang.dll") Region: id = 888 start_va = 0x7ffa95160000 end_va = 0x7ffa95639fff monitored = 0 entry_point = 0x7ffa9522c180 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 889 start_va = 0x1e5d0000 end_va = 0x1e5d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001e5d0000" filename = "" Region: id = 890 start_va = 0x1e5e0000 end_va = 0x1e5effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001e5e0000" filename = "" Region: id = 891 start_va = 0x7ffa877a0000 end_va = 0x7ffa877e9fff monitored = 0 entry_point = 0x7ffa877cb440 region_type = mapped_file name = "windows.ui.appdefaults.dll" filename = "\\Windows\\System32\\Windows.UI.AppDefaults.dll" (normalized: "c:\\windows\\system32\\windows.ui.appdefaults.dll") Region: id = 892 start_va = 0x1e5f0000 end_va = 0x1e6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001e5f0000" filename = "" Region: id = 893 start_va = 0x1e6f0000 end_va = 0x1e7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001e6f0000" filename = "" Region: id = 896 start_va = 0x1e7f0000 end_va = 0x1e7f3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 897 start_va = 0x1e800000 end_va = 0x1e848fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000001.db") Region: id = 898 start_va = 0x1e850000 end_va = 0x1e853fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 899 start_va = 0x1e860000 end_va = 0x1e8fbfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 972 start_va = 0x7ffa93f00000 end_va = 0x7ffa93f7cfff monitored = 0 entry_point = 0x7ffa93f03a80 region_type = mapped_file name = "onecorecommonproxystub.dll" filename = "\\Windows\\System32\\OneCoreCommonProxyStub.dll" (normalized: "c:\\windows\\system32\\onecorecommonproxystub.dll") Region: id = 974 start_va = 0x7ffa9ce40000 end_va = 0x7ffa9cedffff monitored = 0 entry_point = 0x7ffa9ce44570 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 977 start_va = 0x1e110000 end_va = 0x1e2cbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001e110000" filename = "" Region: id = 980 start_va = 0x1e2d0000 end_va = 0x1e2e2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001e2d0000" filename = "" Region: id = 981 start_va = 0x1e2f0000 end_va = 0x1e2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001e2f0000" filename = "" Region: id = 982 start_va = 0x1e300000 end_va = 0x1e300fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001e300000" filename = "" Region: id = 983 start_va = 0x1e2d0000 end_va = 0x1e2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001e2d0000" filename = "" Region: id = 1512 start_va = 0x1e2f0000 end_va = 0x1e2f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001e2f0000" filename = "" Region: id = 1555 start_va = 0x1e300000 end_va = 0x1e30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001e300000" filename = "" Thread: id = 1 os_tid = 0x134c [0209.685] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0209.714] RoInitialize () returned 0x1 [0209.715] RoUninitialize () returned 0x0 [0209.953] GetEnvironmentVariableW (in: lpName="LocalAppData", lpBuffer=0x15dae0, nSize=0x80 | out: lpBuffer="") returned 0x20 [0210.029] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x15cba8 | out: phkResult=0x15cba8*=0x0) returned 0x2 [0210.030] RegCloseKey (hKey=0xffffffff80000002) returned 0x0 [0210.501] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0210.508] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec58) returned 1 [0210.508] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), fInfoLevelId=0x0, lpFileInformation=0x15ef80 | out: lpFileInformation=0x15ef80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0210.509] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec08) returned 1 [0213.372] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0213.478] GetFullPathNameW (in: lpFileName="C:\\Boot\\bootuwf.dll", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\bootuwf.dll", lpFilePart=0x0) returned 0x13 [0213.479] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0213.480] CreateFileW (lpFileName="C:\\Boot\\bootuwf.dll" (normalized: "c:\\boot\\bootuwf.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0213.511] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15b118) returned 1 [0213.513] GetFullPathNameW (in: lpFileName="C:\\Boot\\bootuwf.dll", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\bootuwf.dll", lpFilePart=0x0) returned 0x13 [0213.513] GetFullPathNameW (in: lpFileName="C:\\Boot\\bootuwf.dll.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\bootuwf.dll.rtcrypted", lpFilePart=0x0) returned 0x1d [0213.513] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0213.513] GetFileAttributesExW (in: lpFileName="C:\\Boot\\bootuwf.dll" (normalized: "c:\\boot\\bootuwf.dll"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d7eec80, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d7eec80, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xf5c33ae9, ftLastWriteTime.dwHighDateTime=0x1d5acdd, nFileSizeHigh=0x0, nFileSizeLow=0x6b38)) returned 1 [0213.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0213.516] MoveFileW (lpExistingFileName="C:\\Boot\\bootuwf.dll" (normalized: "c:\\boot\\bootuwf.dll"), lpNewFileName="C:\\Boot\\bootuwf.dll.rtcrypted" (normalized: "c:\\boot\\bootuwf.dll.rtcrypted")) returned 0 [0213.523] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0213.524] GetFullPathNameW (in: lpFileName="C:\\Boot\\bootvhd.dll", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\bootvhd.dll", lpFilePart=0x0) returned 0x13 [0213.524] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0213.524] CreateFileW (lpFileName="C:\\Boot\\bootvhd.dll" (normalized: "c:\\boot\\bootvhd.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0213.649] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15b118) returned 1 [0213.650] GetFullPathNameW (in: lpFileName="C:\\Boot\\bootvhd.dll", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\bootvhd.dll", lpFilePart=0x0) returned 0x13 [0213.650] GetFullPathNameW (in: lpFileName="C:\\Boot\\bootvhd.dll.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\bootvhd.dll.rtcrypted", lpFilePart=0x0) returned 0x1d [0213.651] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0213.651] GetFileAttributesExW (in: lpFileName="C:\\Boot\\bootvhd.dll" (normalized: "c:\\boot\\bootvhd.dll"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d814e13, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d814e13, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xf5c33ae9, ftLastWriteTime.dwHighDateTime=0x1d5acdd, nFileSizeHigh=0x0, nFileSizeLow=0x18808)) returned 1 [0213.652] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0213.652] MoveFileW (lpExistingFileName="C:\\Boot\\bootvhd.dll" (normalized: "c:\\boot\\bootvhd.dll"), lpNewFileName="C:\\Boot\\bootvhd.dll.rtcrypted" (normalized: "c:\\boot\\bootvhd.dll.rtcrypted")) returned 0 [0213.660] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0213.660] GetFullPathNameW (in: lpFileName="C:\\Boot\\memtest.exe", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\memtest.exe", lpFilePart=0x0) returned 0x13 [0213.660] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0213.661] CreateFileW (lpFileName="C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0213.665] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15b118) returned 1 [0213.667] GetFullPathNameW (in: lpFileName="C:\\Boot\\memtest.exe", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\memtest.exe", lpFilePart=0x0) returned 0x13 [0213.667] GetFullPathNameW (in: lpFileName="C:\\Boot\\memtest.exe.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\memtest.exe.rtcrypted", lpFilePart=0x0) returned 0x1d [0213.668] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0213.668] GetFileAttributesExW (in: lpFileName="C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3da050e0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da2b4a2, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3abfa8a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xf4538)) returned 1 [0213.668] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0213.668] MoveFileW (lpExistingFileName="C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), lpNewFileName="C:\\Boot\\memtest.exe.rtcrypted" (normalized: "c:\\boot\\memtest.exe.rtcrypted")) returned 0 [0213.675] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0213.675] GetFullPathNameW (in: lpFileName="C:\\Boot\\Resources\\bootres.dll", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Resources\\bootres.dll", lpFilePart=0x0) returned 0x1d [0213.675] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0213.676] CreateFileW (lpFileName="C:\\Boot\\Resources\\bootres.dll" (normalized: "c:\\boot\\resources\\bootres.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0213.681] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15b118) returned 1 [0213.736] GetFullPathNameW (in: lpFileName="C:\\Boot\\Resources\\bootres.dll", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Resources\\bootres.dll", lpFilePart=0x0) returned 0x1d [0213.736] GetFullPathNameW (in: lpFileName="C:\\Boot\\Resources\\bootres.dll.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Resources\\bootres.dll.rtcrypted", lpFilePart=0x0) returned 0x27 [0213.736] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0213.736] GetFileAttributesExW (in: lpFileName="C:\\Boot\\Resources\\bootres.dll" (normalized: "c:\\boot\\resources\\bootres.dll"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e151cb0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e151cb0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xf021b7c6, ftLastWriteTime.dwHighDateTime=0x1d5acdd, nFileSizeHigh=0x0, nFileSizeLow=0x16938)) returned 1 [0213.737] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0213.737] MoveFileW (lpExistingFileName="C:\\Boot\\Resources\\bootres.dll" (normalized: "c:\\boot\\resources\\bootres.dll"), lpNewFileName="C:\\Boot\\Resources\\bootres.dll.rtcrypted" (normalized: "c:\\boot\\resources\\bootres.dll.rtcrypted")) returned 0 [0213.742] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0213.743] GetFullPathNameW (in: lpFileName="C:\\Recovery\\WindowsRE\\ReAgent.xml", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\WindowsRE\\ReAgent.xml", lpFilePart=0x0) returned 0x21 [0213.743] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0213.743] CreateFileW (lpFileName="C:\\Recovery\\WindowsRE\\ReAgent.xml" (normalized: "c:\\recovery\\windowsre\\reagent.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0213.744] GetFileType (hFile=0x2cc) returned 0x1 [0213.744] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0213.744] GetFileType (hFile=0x2cc) returned 0x1 [0213.745] ReadFile (in: hFile=0x2cc, lpBuffer=0x2242a10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2242a10*, lpNumberOfBytesRead=0x15edd8*=0x458, lpOverlapped=0x0) returned 1 [0213.748] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0213.749] WriteFile (in: hFile=0x2cc, lpBuffer=0x2242a10*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2242a10*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0213.750] CloseHandle (hObject=0x2cc) returned 1 [0213.752] GetFullPathNameW (in: lpFileName="C:\\Recovery\\WindowsRE\\ReAgent.xml", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\WindowsRE\\ReAgent.xml", lpFilePart=0x0) returned 0x21 [0213.752] GetFullPathNameW (in: lpFileName="C:\\Recovery\\WindowsRE\\ReAgent.xml.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\WindowsRE\\ReAgent.xml.rtcrypted", lpFilePart=0x0) returned 0x2b [0213.753] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0213.753] GetFileAttributesExW (in: lpFileName="C:\\Recovery\\WindowsRE\\ReAgent.xml" (normalized: "c:\\recovery\\windowsre\\reagent.xml"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xc32063c2, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x13c9ce9d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x13c9ce9d, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x458)) returned 1 [0213.753] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0213.753] MoveFileW (lpExistingFileName="C:\\Recovery\\WindowsRE\\ReAgent.xml" (normalized: "c:\\recovery\\windowsre\\reagent.xml"), lpNewFileName="C:\\Recovery\\WindowsRE\\ReAgent.xml.rtcrypted" (normalized: "c:\\recovery\\windowsre\\reagent.xml.rtcrypted")) returned 1 [0213.770] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0213.770] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0213.770] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0213.771] GetFileType (hFile=0x2cc) returned 0x1 [0213.771] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0213.771] GetFileType (hFile=0x2cc) returned 0x1 [0213.771] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x0 [0213.793] WriteFile (in: hFile=0x2cc, lpBuffer=0x22457c8*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22457c8*, lpNumberOfBytesWritten=0x15ecc8*=0x22, lpOverlapped=0x0) returned 1 [0213.795] CloseHandle (hObject=0x2cc) returned 1 [0213.798] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0213.798] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Setup\\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\\Setup.exe", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe\\Setup\\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\\Setup.exe", lpFilePart=0x0) returned 0x4f [0213.798] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0213.798] CreateFileW (lpFileName="C:\\Users\\All Users\\Adobe\\Setup\\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\\Setup.exe" (normalized: "c:\\users\\all users\\adobe\\setup\\{ac76ba86-7ad7-ffff-7b44-ac0f074e4100}\\setup.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0213.799] GetFileType (hFile=0x2cc) returned 0x1 [0213.799] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0213.799] GetFileType (hFile=0x2cc) returned 0x1 [0213.799] ReadFile (in: hFile=0x2cc, lpBuffer=0x2246d58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2246d58*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0213.804] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0213.806] WriteFile (in: hFile=0x2cc, lpBuffer=0x2246d58*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2246d58*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0213.806] CloseHandle (hObject=0x2cc) returned 1 [0213.835] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Setup\\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\\Setup.exe", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe\\Setup\\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\\Setup.exe", lpFilePart=0x0) returned 0x4f [0213.835] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Setup\\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\\Setup.exe.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe\\Setup\\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\\Setup.exe.rtcrypted", lpFilePart=0x0) returned 0x59 [0213.835] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0213.836] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Setup\\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\\Setup.exe" (normalized: "c:\\users\\all users\\adobe\\setup\\{ac76ba86-7ad7-ffff-7b44-ac0f074e4100}\\setup.exe"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x236c39c1, ftCreationTime.dwHighDateTime=0x1d0608d, ftLastAccessTime.dwLowDateTime=0x13d5bf57, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x13d0f97c, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x66aa0)) returned 1 [0213.836] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0213.836] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Adobe\\Setup\\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\\Setup.exe" (normalized: "c:\\users\\all users\\adobe\\setup\\{ac76ba86-7ad7-ffff-7b44-ac0f074e4100}\\setup.exe"), lpNewFileName="C:\\Users\\All Users\\Adobe\\Setup\\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\\Setup.exe.rtcrypted" (normalized: "c:\\users\\all users\\adobe\\setup\\{ac76ba86-7ad7-ffff-7b44-ac0f074e4100}\\setup.exe.rtcrypted")) returned 1 [0213.839] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0213.839] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0213.839] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0213.840] GetFileType (hFile=0x2cc) returned 0x1 [0213.840] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0213.840] GetFileType (hFile=0x2cc) returned 0x1 [0213.840] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x22 [0213.841] WriteFile (in: hFile=0x2cc, lpBuffer=0x22496f8*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22496f8*, lpNumberOfBytesWritten=0x15ecc8*=0x50, lpOverlapped=0x0) returned 1 [0213.841] CloseHandle (hObject=0x2cc) returned 1 [0213.843] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0213.843] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\\vcredist_x64.exe", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\\vcredist_x64.exe", lpFilePart=0x0) returned 0x58 [0213.844] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0213.844] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\\vcredist_x64.exe" (normalized: "c:\\users\\all users\\package cache\\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\\vcredist_x64.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0213.845] GetFileType (hFile=0x2cc) returned 0x1 [0213.845] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0213.845] GetFileType (hFile=0x2cc) returned 0x1 [0213.845] ReadFile (in: hFile=0x2cc, lpBuffer=0x224acb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x224acb0*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0213.891] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0213.891] WriteFile (in: hFile=0x2cc, lpBuffer=0x224acb0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x224acb0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0213.892] CloseHandle (hObject=0x2cc) returned 1 [0213.934] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\\vcredist_x64.exe", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\\vcredist_x64.exe", lpFilePart=0x0) returned 0x58 [0213.934] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\\vcredist_x64.exe.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\\vcredist_x64.exe.rtcrypted", lpFilePart=0x0) returned 0x62 [0213.934] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0213.934] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\\vcredist_x64.exe" (normalized: "c:\\users\\all users\\package cache\\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\\vcredist_x64.exe"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2997f59, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x13e1aad6, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x13df493c, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x70a58)) returned 1 [0213.935] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0213.935] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\\vcredist_x64.exe" (normalized: "c:\\users\\all users\\package cache\\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\\vcredist_x64.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\\vcredist_x64.exe.rtcrypted" (normalized: "c:\\users\\all users\\package cache\\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\\vcredist_x64.exe.rtcrypted")) returned 1 [0213.937] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0213.937] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0213.937] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0213.937] GetFileType (hFile=0x2cc) returned 0x1 [0213.938] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0213.938] GetFileType (hFile=0x2cc) returned 0x1 [0213.938] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x72 [0213.939] WriteFile (in: hFile=0x2cc, lpBuffer=0x224d938*, nNumberOfBytesToWrite=0x59, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x224d938*, lpNumberOfBytesWritten=0x15ecc8*=0x59, lpOverlapped=0x0) returned 1 [0213.939] CloseHandle (hObject=0x2cc) returned 1 [0213.941] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0213.942] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe", lpFilePart=0x0) returned 0x58 [0213.942] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0213.942] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0213.942] GetFileType (hFile=0x2cc) returned 0x1 [0213.943] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0213.943] GetFileType (hFile=0x2cc) returned 0x1 [0213.943] ReadFile (in: hFile=0x2cc, lpBuffer=0x224eef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x224eef0*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0213.970] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0213.970] WriteFile (in: hFile=0x2cc, lpBuffer=0x224eef0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x224eef0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0213.971] CloseHandle (hObject=0x2cc) returned 1 [0214.068] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe", lpFilePart=0x0) returned 0x58 [0214.068] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.rtcrypted", lpFilePart=0x0) returned 0x62 [0214.068] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0214.068] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd70a88f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x13ed95e9, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x13eb353f, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x6f428)) returned 1 [0214.068] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0214.069] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.rtcrypted" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.rtcrypted")) returned 1 [0214.070] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0214.070] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0214.070] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0214.071] GetFileType (hFile=0x2cc) returned 0x1 [0214.071] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0214.071] GetFileType (hFile=0x2cc) returned 0x1 [0214.071] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0xcb [0214.072] WriteFile (in: hFile=0x2cc, lpBuffer=0x22518d8*, nNumberOfBytesToWrite=0x59, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22518d8*, lpNumberOfBytesWritten=0x15ecc8*=0x59, lpOverlapped=0x0) returned 1 [0214.073] CloseHandle (hObject=0x2cc) returned 1 [0214.087] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0214.146] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}\\VC_redist.x86.exe", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}\\VC_redist.x86.exe", lpFilePart=0x0) returned 0x59 [0214.146] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0214.147] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}\\VC_redist.x86.exe" (normalized: "c:\\users\\all users\\package cache\\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}\\vc_redist.x86.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0214.148] GetFileType (hFile=0x2cc) returned 0x1 [0214.148] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0214.148] GetFileType (hFile=0x2cc) returned 0x1 [0214.148] ReadFile (in: hFile=0x2cc, lpBuffer=0x2252e90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2252e90*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0214.160] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0214.160] WriteFile (in: hFile=0x2cc, lpBuffer=0x2252e90*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2252e90*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0214.160] CloseHandle (hObject=0x2cc) returned 1 [0214.402] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}\\VC_redist.x86.exe", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}\\VC_redist.x86.exe", lpFilePart=0x0) returned 0x59 [0214.403] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}\\VC_redist.x86.exe.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}\\VC_redist.x86.exe.rtcrypted", lpFilePart=0x0) returned 0x63 [0214.403] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0214.403] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}\\VC_redist.x86.exe" (normalized: "c:\\users\\all users\\package cache\\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}\\vc_redist.x86.exe"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0ba4e22, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x140c95fb, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x14086c30, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x9eac8)) returned 1 [0214.403] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0214.403] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}\\VC_redist.x86.exe" (normalized: "c:\\users\\all users\\package cache\\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}\\vc_redist.x86.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}\\VC_redist.x86.exe.rtcrypted" (normalized: "c:\\users\\all users\\package cache\\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}\\vc_redist.x86.exe.rtcrypted")) returned 1 [0214.405] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0214.405] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0214.406] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0214.406] GetFileType (hFile=0x2cc) returned 0x1 [0214.406] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0214.406] GetFileType (hFile=0x2cc) returned 0x1 [0214.406] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x124 [0214.407] WriteFile (in: hFile=0x2cc, lpBuffer=0x22558d0*, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22558d0*, lpNumberOfBytesWritten=0x15ecc8*=0x5a, lpOverlapped=0x0) returned 1 [0214.407] CloseHandle (hObject=0x2cc) returned 1 [0214.409] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0214.410] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe", lpFilePart=0x0) returned 0x58 [0214.410] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0214.410] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0214.410] GetFileType (hFile=0x2cc) returned 0x1 [0214.410] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0214.411] GetFileType (hFile=0x2cc) returned 0x1 [0214.411] ReadFile (in: hFile=0x2cc, lpBuffer=0x2256e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2256e88*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0214.417] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0214.417] WriteFile (in: hFile=0x2cc, lpBuffer=0x2256e88*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2256e88*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0214.417] CloseHandle (hObject=0x2cc) returned 1 [0214.441] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe", lpFilePart=0x0) returned 0x58 [0214.441] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe.rtcrypted", lpFilePart=0x0) returned 0x62 [0214.441] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0214.441] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8f37ad9, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1432b948, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x143053aa, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x6f398)) returned 1 [0214.442] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0214.442] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe.rtcrypted" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe.rtcrypted")) returned 1 [0214.443] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0214.443] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0214.444] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0214.444] GetFileType (hFile=0x2cc) returned 0x1 [0214.444] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0214.444] GetFileType (hFile=0x2cc) returned 0x1 [0214.444] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x17e [0214.445] WriteFile (in: hFile=0x2cc, lpBuffer=0x2259870*, nNumberOfBytesToWrite=0x59, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2259870*, lpNumberOfBytesWritten=0x15ecc8*=0x59, lpOverlapped=0x0) returned 1 [0214.445] CloseHandle (hObject=0x2cc) returned 1 [0214.520] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0214.520] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\\VC_redist.x64.exe", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\\VC_redist.x64.exe", lpFilePart=0x0) returned 0x59 [0214.520] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0214.521] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\\VC_redist.x64.exe" (normalized: "c:\\users\\all users\\package cache\\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\\vc_redist.x64.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0214.521] GetFileType (hFile=0x2cc) returned 0x1 [0214.521] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0214.521] GetFileType (hFile=0x2cc) returned 0x1 [0214.521] ReadFile (in: hFile=0x2cc, lpBuffer=0x225ae28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x225ae28*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0214.527] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0214.527] WriteFile (in: hFile=0x2cc, lpBuffer=0x225ae28*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x225ae28*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0214.527] CloseHandle (hObject=0x2cc) returned 1 [0214.562] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\\VC_redist.x64.exe", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\\VC_redist.x64.exe", lpFilePart=0x0) returned 0x59 [0214.563] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\\VC_redist.x64.exe.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\\VC_redist.x64.exe.rtcrypted", lpFilePart=0x0) returned 0x63 [0214.563] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0214.563] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\\VC_redist.x64.exe" (normalized: "c:\\users\\all users\\package cache\\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\\vc_redist.x64.exe"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe53ea2ce, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x144365b3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x14410440, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x9ed48)) returned 1 [0214.563] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0214.563] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\\VC_redist.x64.exe" (normalized: "c:\\users\\all users\\package cache\\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\\vc_redist.x64.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\\VC_redist.x64.exe.rtcrypted" (normalized: "c:\\users\\all users\\package cache\\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\\vc_redist.x64.exe.rtcrypted")) returned 1 [0214.565] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0214.566] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0214.566] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0214.566] GetFileType (hFile=0x2cc) returned 0x1 [0214.566] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0214.566] GetFileType (hFile=0x2cc) returned 0x1 [0214.567] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1d7 [0214.567] WriteFile (in: hFile=0x2cc, lpBuffer=0x225d810*, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x225d810*, lpNumberOfBytesWritten=0x15ecc8*=0x5a, lpOverlapped=0x0) returned 1 [0214.568] CloseHandle (hObject=0x2cc) returned 1 [0214.899] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0214.900] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk", lpFilePart=0x0) returned 0x5b [0214.900] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0214.901] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0214.902] GetFileType (hFile=0x2cc) returned 0x1 [0214.902] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0214.903] GetFileType (hFile=0x2cc) returned 0x1 [0214.903] ReadFile (in: hFile=0x2cc, lpBuffer=0x228a580, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x228a580*, lpNumberOfBytesRead=0x15edd8*=0x160, lpOverlapped=0x0) returned 1 [0214.905] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0214.906] WriteFile (in: hFile=0x2cc, lpBuffer=0x228a580*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x228a580*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0214.906] CloseHandle (hObject=0x2cc) returned 1 [0214.908] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk", lpFilePart=0x0) returned 0x5b [0214.908] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk.rtcrypted", lpFilePart=0x0) returned 0x65 [0214.908] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0214.908] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdac6b6a8, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x147a3e5e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x147a3e5e, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x160)) returned 1 [0214.908] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0214.908] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk.rtcrypted" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk.rtcrypted")) returned 1 [0214.911] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0214.912] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0214.912] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0214.912] GetFileType (hFile=0x2cc) returned 0x1 [0214.912] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0214.913] GetFileType (hFile=0x2cc) returned 0x1 [0214.913] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x231 [0214.914] WriteFile (in: hFile=0x2cc, lpBuffer=0x228cf68*, nNumberOfBytesToWrite=0x5c, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x228cf68*, lpNumberOfBytesWritten=0x15ecc8*=0x5c, lpOverlapped=0x0) returned 1 [0214.926] CloseHandle (hObject=0x2cc) returned 1 [0214.929] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0214.929] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk", lpFilePart=0x0) returned 0x5d [0214.929] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0214.930] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0214.930] GetFileType (hFile=0x2cc) returned 0x1 [0214.931] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0214.931] GetFileType (hFile=0x2cc) returned 0x1 [0214.931] ReadFile (in: hFile=0x2cc, lpBuffer=0x228e540, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x228e540*, lpNumberOfBytesRead=0x15edd8*=0x14e, lpOverlapped=0x0) returned 1 [0214.934] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0214.934] WriteFile (in: hFile=0x2cc, lpBuffer=0x228e540*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x228e540*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0214.935] CloseHandle (hObject=0x2cc) returned 1 [0214.936] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk", lpFilePart=0x0) returned 0x5d [0214.936] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk.rtcrypted", lpFilePart=0x0) returned 0x67 [0214.936] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0214.936] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdac6b6a8, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x147f0726, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x147f0726, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x14e)) returned 1 [0214.937] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0214.937] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk.rtcrypted" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk.rtcrypted")) returned 1 [0214.939] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0214.939] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0214.939] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0214.939] GetFileType (hFile=0x2cc) returned 0x1 [0214.939] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0214.939] GetFileType (hFile=0x2cc) returned 0x1 [0214.940] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x28d [0214.940] WriteFile (in: hFile=0x2cc, lpBuffer=0x2290fc8*, nNumberOfBytesToWrite=0x5e, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2290fc8*, lpNumberOfBytesWritten=0x15ecc8*=0x5e, lpOverlapped=0x0) returned 1 [0214.941] CloseHandle (hObject=0x2cc) returned 1 [0214.944] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0214.944] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk", lpFilePart=0x0) returned 0x4b [0214.944] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0214.945] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0214.950] GetFileType (hFile=0x2cc) returned 0x1 [0214.950] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0214.950] GetFileType (hFile=0x2cc) returned 0x1 [0214.950] ReadFile (in: hFile=0x2cc, lpBuffer=0x2292578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2292578*, lpNumberOfBytesRead=0x15edd8*=0x458, lpOverlapped=0x0) returned 1 [0214.955] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0214.956] WriteFile (in: hFile=0x2cc, lpBuffer=0x2292578*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2292578*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0214.956] CloseHandle (hObject=0x2cc) returned 1 [0214.958] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk", lpFilePart=0x0) returned 0x4b [0214.958] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk.rtcrypted", lpFilePart=0x0) returned 0x55 [0214.958] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0214.958] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc82ddb24, ftCreationTime.dwHighDateTime=0x1d5ace3, ftLastAccessTime.dwLowDateTime=0x148167b2, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x148167b2, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x458)) returned 1 [0214.958] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0214.958] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk.rtcrypted" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk.rtcrypted")) returned 1 [0214.960] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0214.960] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0214.960] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0214.960] GetFileType (hFile=0x2cc) returned 0x1 [0214.961] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0214.961] GetFileType (hFile=0x2cc) returned 0x1 [0214.961] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2eb [0214.962] WriteFile (in: hFile=0x2cc, lpBuffer=0x2294ee0*, nNumberOfBytesToWrite=0x4c, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2294ee0*, lpNumberOfBytesWritten=0x15ecc8*=0x4c, lpOverlapped=0x0) returned 1 [0214.962] CloseHandle (hObject=0x2cc) returned 1 [0215.113] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.114] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Magnify.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Magnify.lnk", lpFilePart=0x0) returned 0x60 [0215.114] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.114] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Magnify.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\magnify.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.115] GetFileType (hFile=0x2cc) returned 0x1 [0215.115] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.115] GetFileType (hFile=0x2cc) returned 0x1 [0215.115] ReadFile (in: hFile=0x2cc, lpBuffer=0x22a8b18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22a8b18*, lpNumberOfBytesRead=0x15edd8*=0x452, lpOverlapped=0x0) returned 1 [0215.118] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.118] WriteFile (in: hFile=0x2cc, lpBuffer=0x22a8b18*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22a8b18*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.119] CloseHandle (hObject=0x2cc) returned 1 [0215.120] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Magnify.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Magnify.lnk", lpFilePart=0x0) returned 0x60 [0215.120] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Magnify.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Magnify.lnk.rtcrypted", lpFilePart=0x0) returned 0x6a [0215.120] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.120] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Magnify.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\magnify.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec7fd94e, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x149b9e7f, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x14996fd6, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x452)) returned 1 [0215.121] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.121] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Magnify.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\magnify.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Magnify.lnk.rtcrypted" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\magnify.lnk.rtcrypted")) returned 1 [0215.123] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0215.123] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0215.123] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0215.123] GetFileType (hFile=0x2cc) returned 0x1 [0215.123] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0215.123] GetFileType (hFile=0x2cc) returned 0x1 [0215.123] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x337 [0215.124] WriteFile (in: hFile=0x2cc, lpBuffer=0x22ab540*, nNumberOfBytesToWrite=0x61, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22ab540*, lpNumberOfBytesWritten=0x15ecc8*=0x61, lpOverlapped=0x0) returned 1 [0215.124] CloseHandle (hObject=0x2cc) returned 1 [0215.126] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.126] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Narrator.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Narrator.lnk", lpFilePart=0x0) returned 0x61 [0215.126] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.127] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Narrator.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\narrator.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.127] GetFileType (hFile=0x2cc) returned 0x1 [0215.127] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.127] GetFileType (hFile=0x2cc) returned 0x1 [0215.127] ReadFile (in: hFile=0x2cc, lpBuffer=0x22acb00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22acb00*, lpNumberOfBytesRead=0x15edd8*=0x454, lpOverlapped=0x0) returned 1 [0215.130] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.130] WriteFile (in: hFile=0x2cc, lpBuffer=0x22acb00*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22acb00*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.131] CloseHandle (hObject=0x2cc) returned 1 [0215.132] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Narrator.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Narrator.lnk", lpFilePart=0x0) returned 0x61 [0215.132] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Narrator.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Narrator.lnk.rtcrypted", lpFilePart=0x0) returned 0x6b [0215.132] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.132] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Narrator.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\narrator.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec7fd94e, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x149b9e7f, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x149b9e7f, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x454)) returned 1 [0215.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.132] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Narrator.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\narrator.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Narrator.lnk.rtcrypted" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\narrator.lnk.rtcrypted")) returned 1 [0215.134] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0215.135] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0215.136] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0215.136] GetFileType (hFile=0x2cc) returned 0x1 [0215.136] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0215.136] GetFileType (hFile=0x2cc) returned 0x1 [0215.136] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x398 [0215.137] WriteFile (in: hFile=0x2cc, lpBuffer=0x22af528*, nNumberOfBytesToWrite=0x62, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22af528*, lpNumberOfBytesWritten=0x15ecc8*=0x62, lpOverlapped=0x0) returned 1 [0215.137] CloseHandle (hObject=0x2cc) returned 1 [0215.139] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.139] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\On-Screen Keyboard.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\On-Screen Keyboard.lnk", lpFilePart=0x0) returned 0x6b [0215.139] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.140] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\On-Screen Keyboard.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\on-screen keyboard.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.141] GetFileType (hFile=0x2cc) returned 0x1 [0215.141] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.141] GetFileType (hFile=0x2cc) returned 0x1 [0215.141] ReadFile (in: hFile=0x2cc, lpBuffer=0x22b0b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22b0b08*, lpNumberOfBytesRead=0x15edd8*=0x452, lpOverlapped=0x0) returned 1 [0215.144] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.144] WriteFile (in: hFile=0x2cc, lpBuffer=0x22b0b08*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22b0b08*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.146] CloseHandle (hObject=0x2cc) returned 1 [0215.147] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\On-Screen Keyboard.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\On-Screen Keyboard.lnk", lpFilePart=0x0) returned 0x6b [0215.147] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\On-Screen Keyboard.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\On-Screen Keyboard.lnk.rtcrypted", lpFilePart=0x0) returned 0x75 [0215.147] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.148] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\On-Screen Keyboard.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\on-screen keyboard.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec7fd94e, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x149e02c2, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x149e02c2, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x452)) returned 1 [0215.148] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.148] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\On-Screen Keyboard.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\on-screen keyboard.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\On-Screen Keyboard.lnk.rtcrypted" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\on-screen keyboard.lnk.rtcrypted")) returned 1 [0215.227] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0215.227] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0215.228] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0215.228] GetFileType (hFile=0x2cc) returned 0x1 [0215.228] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0215.228] GetFileType (hFile=0x2cc) returned 0x1 [0215.229] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x3fa [0215.230] WriteFile (in: hFile=0x2cc, lpBuffer=0x22b3588*, nNumberOfBytesToWrite=0x6c, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22b3588*, lpNumberOfBytesWritten=0x15ecc8*=0x6c, lpOverlapped=0x0) returned 1 [0215.230] CloseHandle (hObject=0x2cc) returned 1 [0215.233] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.233] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Administrative Tools.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Administrative Tools.lnk", lpFilePart=0x0) returned 0x6c [0215.233] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.234] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Administrative Tools.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\administrative tools.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.237] GetFileType (hFile=0x2cc) returned 0x1 [0215.237] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.237] GetFileType (hFile=0x2cc) returned 0x1 [0215.237] ReadFile (in: hFile=0x2cc, lpBuffer=0x22b4b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22b4b78*, lpNumberOfBytesRead=0x15edd8*=0x501, lpOverlapped=0x0) returned 1 [0215.240] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.241] WriteFile (in: hFile=0x2cc, lpBuffer=0x22b4b78*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22b4b78*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.241] CloseHandle (hObject=0x2cc) returned 1 [0215.242] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Administrative Tools.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Administrative Tools.lnk", lpFilePart=0x0) returned 0x6c [0215.242] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Administrative Tools.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Administrative Tools.lnk.rtcrypted", lpFilePart=0x0) returned 0x76 [0215.242] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.243] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Administrative Tools.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\administrative tools.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdac6b6a8, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x14ac5142, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x14ac5142, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x501)) returned 1 [0215.243] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.243] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Administrative Tools.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\administrative tools.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Administrative Tools.lnk.rtcrypted" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\administrative tools.lnk.rtcrypted")) returned 1 [0215.245] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0215.245] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0215.246] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0215.246] GetFileType (hFile=0x2cc) returned 0x1 [0215.246] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0215.246] GetFileType (hFile=0x2cc) returned 0x1 [0215.246] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x466 [0215.247] WriteFile (in: hFile=0x2cc, lpBuffer=0x22b7600*, nNumberOfBytesToWrite=0x6d, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22b7600*, lpNumberOfBytesWritten=0x15ecc8*=0x6d, lpOverlapped=0x0) returned 1 [0215.247] CloseHandle (hObject=0x2cc) returned 1 [0215.249] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.250] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk", lpFilePart=0x0) returned 0x66 [0215.250] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.250] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\command prompt.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.250] GetFileType (hFile=0x2cc) returned 0x1 [0215.250] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.251] GetFileType (hFile=0x2cc) returned 0x1 [0215.251] ReadFile (in: hFile=0x2cc, lpBuffer=0x22b8bd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22b8bd0*, lpNumberOfBytesRead=0x15edd8*=0x476, lpOverlapped=0x0) returned 1 [0215.254] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.254] WriteFile (in: hFile=0x2cc, lpBuffer=0x22b8bd0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22b8bd0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.254] CloseHandle (hObject=0x2cc) returned 1 [0215.255] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk", lpFilePart=0x0) returned 0x66 [0215.256] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk.rtcrypted", lpFilePart=0x0) returned 0x70 [0215.256] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.256] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\command prompt.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe74b3039, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x14aeb2e1, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x14aeb2e1, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x476)) returned 1 [0215.256] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.256] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\command prompt.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk.rtcrypted" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\command prompt.lnk.rtcrypted")) returned 1 [0215.386] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0215.387] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0215.387] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0215.387] GetFileType (hFile=0x2cc) returned 0x1 [0215.387] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0215.387] GetFileType (hFile=0x2cc) returned 0x1 [0215.388] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x4d3 [0215.388] WriteFile (in: hFile=0x2cc, lpBuffer=0x22bd810*, nNumberOfBytesToWrite=0x67, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22bd810*, lpNumberOfBytesWritten=0x15ecc8*=0x67, lpOverlapped=0x0) returned 1 [0215.389] CloseHandle (hObject=0x2cc) returned 1 [0215.392] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.392] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\computer.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\computer.lnk", lpFilePart=0x0) returned 0x60 [0215.393] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.393] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\computer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\computer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.393] GetFileType (hFile=0x2cc) returned 0x1 [0215.393] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.394] GetFileType (hFile=0x2cc) returned 0x1 [0215.394] ReadFile (in: hFile=0x2cc, lpBuffer=0x22bedd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22bedd0*, lpNumberOfBytesRead=0x15edd8*=0x14f, lpOverlapped=0x0) returned 1 [0215.398] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.398] WriteFile (in: hFile=0x2cc, lpBuffer=0x22bedd0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22bedd0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.398] CloseHandle (hObject=0x2cc) returned 1 [0215.399] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\computer.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\computer.lnk", lpFilePart=0x0) returned 0x60 [0215.400] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\computer.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\computer.lnk.rtcrypted", lpFilePart=0x0) returned 0x6a [0215.402] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.403] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\computer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\computer.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdac6b6a8, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x14c42b61, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x14c42b61, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x14f)) returned 1 [0215.403] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.403] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\computer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\computer.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\computer.lnk.rtcrypted" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\computer.lnk.rtcrypted")) returned 1 [0215.405] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0215.405] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0215.405] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0215.405] GetFileType (hFile=0x2cc) returned 0x1 [0215.405] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0215.405] GetFileType (hFile=0x2cc) returned 0x1 [0215.405] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x53a [0215.407] WriteFile (in: hFile=0x2cc, lpBuffer=0x22c17f8*, nNumberOfBytesToWrite=0x61, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22c17f8*, lpNumberOfBytesWritten=0x15ecc8*=0x61, lpOverlapped=0x0) returned 1 [0215.407] CloseHandle (hObject=0x2cc) returned 1 [0215.409] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.409] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Control Panel.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Control Panel.lnk", lpFilePart=0x0) returned 0x65 [0215.409] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.410] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Control Panel.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\control panel.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.410] GetFileType (hFile=0x2cc) returned 0x1 [0215.410] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.410] GetFileType (hFile=0x2cc) returned 0x1 [0215.410] ReadFile (in: hFile=0x2cc, lpBuffer=0x22c2dc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22c2dc8*, lpNumberOfBytesRead=0x15edd8*=0x195, lpOverlapped=0x0) returned 1 [0215.462] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.462] WriteFile (in: hFile=0x2cc, lpBuffer=0x22c2dc8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22c2dc8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.462] CloseHandle (hObject=0x2cc) returned 1 [0215.465] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Control Panel.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Control Panel.lnk", lpFilePart=0x0) returned 0x65 [0215.465] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Control Panel.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Control Panel.lnk.rtcrypted", lpFilePart=0x0) returned 0x6f [0215.466] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.466] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Control Panel.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\control panel.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdac6b6a8, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x14cdb391, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x14cdb391, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x195)) returned 1 [0215.466] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.466] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Control Panel.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\control panel.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Control Panel.lnk.rtcrypted" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\control panel.lnk.rtcrypted")) returned 1 [0215.468] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0215.468] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0215.469] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0215.469] GetFileType (hFile=0x2cc) returned 0x1 [0215.469] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0215.469] GetFileType (hFile=0x2cc) returned 0x1 [0215.469] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x59b [0215.470] WriteFile (in: hFile=0x2cc, lpBuffer=0x22c5928*, nNumberOfBytesToWrite=0x66, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22c5928*, lpNumberOfBytesWritten=0x15ecc8*=0x66, lpOverlapped=0x0) returned 1 [0215.471] CloseHandle (hObject=0x2cc) returned 1 [0215.472] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.473] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\File Explorer.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\File Explorer.lnk", lpFilePart=0x0) returned 0x65 [0215.473] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.473] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\File Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\file explorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.474] GetFileType (hFile=0x2cc) returned 0x1 [0215.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.474] GetFileType (hFile=0x2cc) returned 0x1 [0215.474] ReadFile (in: hFile=0x2cc, lpBuffer=0x22c6ef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22c6ef8*, lpNumberOfBytesRead=0x15edd8*=0x197, lpOverlapped=0x0) returned 1 [0215.477] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.478] WriteFile (in: hFile=0x2cc, lpBuffer=0x22c6ef8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22c6ef8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.478] CloseHandle (hObject=0x2cc) returned 1 [0215.481] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\File Explorer.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\File Explorer.lnk", lpFilePart=0x0) returned 0x65 [0215.481] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\File Explorer.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\File Explorer.lnk.rtcrypted", lpFilePart=0x0) returned 0x6f [0215.481] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.481] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\File Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\file explorer.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdac6b6a8, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x14d01715, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x14d01715, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x197)) returned 1 [0215.481] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.481] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\File Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\file explorer.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\File Explorer.lnk.rtcrypted" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\file explorer.lnk.rtcrypted")) returned 1 [0215.483] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0215.483] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0215.484] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0215.484] GetFileType (hFile=0x2cc) returned 0x1 [0215.484] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0215.484] GetFileType (hFile=0x2cc) returned 0x1 [0215.484] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x601 [0215.485] WriteFile (in: hFile=0x2cc, lpBuffer=0x22c9940*, nNumberOfBytesToWrite=0x66, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22c9940*, lpNumberOfBytesWritten=0x15ecc8*=0x66, lpOverlapped=0x0) returned 1 [0215.486] CloseHandle (hObject=0x2cc) returned 1 [0215.488] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.488] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Run.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Run.lnk", lpFilePart=0x0) returned 0x5b [0215.488] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.489] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Run.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\run.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.489] GetFileType (hFile=0x2cc) returned 0x1 [0215.489] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.490] GetFileType (hFile=0x2cc) returned 0x1 [0215.490] ReadFile (in: hFile=0x2cc, lpBuffer=0x22caee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22caee0*, lpNumberOfBytesRead=0x15edd8*=0x199, lpOverlapped=0x0) returned 1 [0215.492] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.493] WriteFile (in: hFile=0x2cc, lpBuffer=0x22caee0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22caee0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.493] CloseHandle (hObject=0x2cc) returned 1 [0215.494] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Run.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Run.lnk", lpFilePart=0x0) returned 0x5b [0215.495] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Run.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Run.lnk.rtcrypted", lpFilePart=0x0) returned 0x65 [0215.495] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.495] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Run.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\run.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdac6b6a8, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x14d28f5e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x14d28f5e, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x199)) returned 1 [0215.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.495] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Run.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\run.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Run.lnk.rtcrypted" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\run.lnk.rtcrypted")) returned 1 [0215.496] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0215.496] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0215.497] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0215.497] GetFileType (hFile=0x2cc) returned 0x1 [0215.497] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0215.497] GetFileType (hFile=0x2cc) returned 0x1 [0215.497] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x667 [0215.498] WriteFile (in: hFile=0x2cc, lpBuffer=0x22cd8e0*, nNumberOfBytesToWrite=0x5c, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22cd8e0*, lpNumberOfBytesWritten=0x15ecc8*=0x5c, lpOverlapped=0x0) returned 1 [0215.498] CloseHandle (hObject=0x2cc) returned 1 [0215.500] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.500] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell (x86).lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell (x86).lnk", lpFilePart=0x0) returned 0x76 [0215.500] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.501] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell (x86).lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\windows powershell\\windows powershell (x86).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.508] GetFileType (hFile=0x2cc) returned 0x1 [0215.508] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.508] GetFileType (hFile=0x2cc) returned 0x1 [0215.508] ReadFile (in: hFile=0x2cc, lpBuffer=0x22ceee8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22ceee8*, lpNumberOfBytesRead=0x15edd8*=0x9eb, lpOverlapped=0x0) returned 1 [0215.512] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.512] WriteFile (in: hFile=0x2cc, lpBuffer=0x22ceee8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22ceee8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.513] CloseHandle (hObject=0x2cc) returned 1 [0215.515] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell (x86).lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell (x86).lnk", lpFilePart=0x0) returned 0x76 [0215.515] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell (x86).lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell (x86).lnk.rtcrypted", lpFilePart=0x0) returned 0x80 [0215.515] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.515] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell (x86).lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\windows powershell\\windows powershell (x86).lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9b733fd, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x14d73cc8, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x14d73cc8, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x9eb)) returned 1 [0215.516] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.516] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell (x86).lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\windows powershell\\windows powershell (x86).lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell (x86).lnk.rtcrypted" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\windows powershell\\windows powershell (x86).lnk.rtcrypted")) returned 1 [0215.518] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0215.518] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0215.518] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0215.518] GetFileType (hFile=0x2cc) returned 0x1 [0215.518] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0215.518] GetFileType (hFile=0x2cc) returned 0x1 [0215.519] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x6c3 [0215.520] WriteFile (in: hFile=0x2cc, lpBuffer=0x22d19c0*, nNumberOfBytesToWrite=0x77, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22d19c0*, lpNumberOfBytesWritten=0x15ecc8*=0x77, lpOverlapped=0x0) returned 1 [0215.520] CloseHandle (hObject=0x2cc) returned 1 [0215.523] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.524] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell.lnk", lpFilePart=0x0) returned 0x70 [0215.524] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.524] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\windows powershell\\windows powershell.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.525] GetFileType (hFile=0x2cc) returned 0x1 [0215.525] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.525] GetFileType (hFile=0x2cc) returned 0x1 [0215.525] ReadFile (in: hFile=0x2cc, lpBuffer=0x22d2fb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22d2fb0*, lpNumberOfBytesRead=0x15edd8*=0x9eb, lpOverlapped=0x0) returned 1 [0215.530] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.530] WriteFile (in: hFile=0x2cc, lpBuffer=0x22d2fb0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22d2fb0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.530] CloseHandle (hObject=0x2cc) returned 1 [0215.532] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell.lnk", lpFilePart=0x0) returned 0x70 [0215.532] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell.lnk.rtcrypted", lpFilePart=0x0) returned 0x7a [0215.532] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.532] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\windows powershell\\windows powershell.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9b733fd, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x14d99f43, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x14d99f43, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x9eb)) returned 1 [0215.532] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.533] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\windows powershell\\windows powershell.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell.lnk.rtcrypted" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\windows powershell\\windows powershell.lnk.rtcrypted")) returned 1 [0215.534] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0215.534] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0215.535] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0215.535] GetFileType (hFile=0x2cc) returned 0x1 [0215.535] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0215.535] GetFileType (hFile=0x2cc) returned 0x1 [0215.536] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x73a [0215.537] WriteFile (in: hFile=0x2cc, lpBuffer=0x22d5a58*, nNumberOfBytesToWrite=0x71, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22d5a58*, lpNumberOfBytesWritten=0x15ecc8*=0x71, lpOverlapped=0x0) returned 1 [0215.537] CloseHandle (hObject=0x2cc) returned 1 [0215.539] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.539] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\3E8aHN.png", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\3E8aHN.png", lpFilePart=0x0) returned 0x2d [0215.539] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.540] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\3E8aHN.png" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\3e8ahn.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.540] GetFileType (hFile=0x2cc) returned 0x1 [0215.540] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.540] GetFileType (hFile=0x2cc) returned 0x1 [0215.540] ReadFile (in: hFile=0x2cc, lpBuffer=0x22d6fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22d6fa8*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0215.542] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.542] WriteFile (in: hFile=0x2cc, lpBuffer=0x22d6fa8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22d6fa8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.542] CloseHandle (hObject=0x2cc) returned 1 [0215.549] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\3E8aHN.png", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\3E8aHN.png", lpFilePart=0x0) returned 0x2d [0215.549] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\3E8aHN.png.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\3E8aHN.png.rtcrypted", lpFilePart=0x0) returned 0x37 [0215.549] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.550] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\3E8aHN.png" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\3e8ahn.png"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x72209270, ftCreationTime.dwHighDateTime=0x1d9b22d, ftLastAccessTime.dwLowDateTime=0x14dc0137, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x14dc0137, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x14b47)) returned 1 [0215.550] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.550] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\3E8aHN.png" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\3e8ahn.png"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\3E8aHN.png.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\3e8ahn.png.rtcrypted")) returned 1 [0215.552] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0215.552] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0215.552] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0215.552] GetFileType (hFile=0x2cc) returned 0x1 [0215.552] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0215.553] GetFileType (hFile=0x2cc) returned 0x1 [0215.553] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x7ab [0215.554] WriteFile (in: hFile=0x2cc, lpBuffer=0x22d9830*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22d9830*, lpNumberOfBytesWritten=0x15ecc8*=0x2e, lpOverlapped=0x0) returned 1 [0215.554] CloseHandle (hObject=0x2cc) returned 1 [0215.556] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.556] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\CRk7sEcLxn.ppt", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\CRk7sEcLxn.ppt", lpFilePart=0x0) returned 0x31 [0215.556] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.569] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\CRk7sEcLxn.ppt" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\crk7seclxn.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.569] GetFileType (hFile=0x2cc) returned 0x1 [0215.569] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.569] GetFileType (hFile=0x2cc) returned 0x1 [0215.570] ReadFile (in: hFile=0x2cc, lpBuffer=0x22dad90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22dad90*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0215.570] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.571] WriteFile (in: hFile=0x2cc, lpBuffer=0x22dad90*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22dad90*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.571] CloseHandle (hObject=0x2cc) returned 1 [0215.574] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\CRk7sEcLxn.ppt", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\CRk7sEcLxn.ppt", lpFilePart=0x0) returned 0x31 [0215.575] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\CRk7sEcLxn.ppt.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\CRk7sEcLxn.ppt.rtcrypted", lpFilePart=0x0) returned 0x3b [0215.575] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.575] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\CRk7sEcLxn.ppt" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\crk7seclxn.ppt"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d54f920, ftCreationTime.dwHighDateTime=0x1d9ac65, ftLastAccessTime.dwLowDateTime=0x14e0c804, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x14de63ea, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0xa41a)) returned 1 [0215.575] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.575] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\CRk7sEcLxn.ppt" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\crk7seclxn.ppt"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\CRk7sEcLxn.ppt.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\crk7seclxn.ppt.rtcrypted")) returned 1 [0215.577] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0215.577] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0215.578] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0215.578] GetFileType (hFile=0x2cc) returned 0x1 [0215.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0215.578] GetFileType (hFile=0x2cc) returned 0x1 [0215.578] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x7d9 [0215.579] WriteFile (in: hFile=0x2cc, lpBuffer=0x22dd638*, nNumberOfBytesToWrite=0x32, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22dd638*, lpNumberOfBytesWritten=0x15ecc8*=0x32, lpOverlapped=0x0) returned 1 [0215.580] CloseHandle (hObject=0x2cc) returned 1 [0215.582] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.582] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\CSRpjbn.docx", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\CSRpjbn.docx", lpFilePart=0x0) returned 0x2f [0215.582] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.583] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\CSRpjbn.docx" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\csrpjbn.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.583] GetFileType (hFile=0x2cc) returned 0x1 [0215.583] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.583] GetFileType (hFile=0x2cc) returned 0x1 [0215.583] ReadFile (in: hFile=0x2cc, lpBuffer=0x22deb90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22deb90*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0215.584] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.584] WriteFile (in: hFile=0x2cc, lpBuffer=0x22deb90*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22deb90*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.584] CloseHandle (hObject=0x2cc) returned 1 [0215.586] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\CSRpjbn.docx", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\CSRpjbn.docx", lpFilePart=0x0) returned 0x2f [0215.587] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\CSRpjbn.docx.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\CSRpjbn.docx.rtcrypted", lpFilePart=0x0) returned 0x39 [0215.587] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.587] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\CSRpjbn.docx" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\csrpjbn.docx"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe368db40, ftCreationTime.dwHighDateTime=0x1d9a698, ftLastAccessTime.dwLowDateTime=0x14e0c804, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x14e0c804, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x361e)) returned 1 [0215.587] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.587] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\CSRpjbn.docx" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\csrpjbn.docx"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\CSRpjbn.docx.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\csrpjbn.docx.rtcrypted")) returned 1 [0215.589] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0215.590] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0215.590] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0215.590] GetFileType (hFile=0x2cc) returned 0x1 [0215.590] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0215.590] GetFileType (hFile=0x2cc) returned 0x1 [0215.591] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x80b [0215.593] WriteFile (in: hFile=0x2cc, lpBuffer=0x22e1430*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22e1430*, lpNumberOfBytesWritten=0x15ecc8*=0x30, lpOverlapped=0x0) returned 1 [0215.593] CloseHandle (hObject=0x2cc) returned 1 [0215.595] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.596] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\DMLxoOU.bmp", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\DMLxoOU.bmp", lpFilePart=0x0) returned 0x2e [0215.596] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.596] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\DMLxoOU.bmp" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\dmlxoou.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.596] GetFileType (hFile=0x2cc) returned 0x1 [0215.597] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.597] GetFileType (hFile=0x2cc) returned 0x1 [0215.597] ReadFile (in: hFile=0x2cc, lpBuffer=0x22e2980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22e2980*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0215.598] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.598] WriteFile (in: hFile=0x2cc, lpBuffer=0x22e2980*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22e2980*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.598] CloseHandle (hObject=0x2cc) returned 1 [0215.610] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\DMLxoOU.bmp", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\DMLxoOU.bmp", lpFilePart=0x0) returned 0x2e [0215.610] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\DMLxoOU.bmp.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\DMLxoOU.bmp.rtcrypted", lpFilePart=0x0) returned 0x38 [0215.610] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.611] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\DMLxoOU.bmp" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\dmlxoou.bmp"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7b42710, ftCreationTime.dwHighDateTime=0x1d9afa0, ftLastAccessTime.dwLowDateTime=0x14e329e6, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x14e329e6, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x1254b)) returned 1 [0215.611] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.611] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\DMLxoOU.bmp" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\dmlxoou.bmp"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\DMLxoOU.bmp.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\dmlxoou.bmp.rtcrypted")) returned 1 [0215.613] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0215.613] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0215.613] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0215.613] GetFileType (hFile=0x2cc) returned 0x1 [0215.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0215.614] GetFileType (hFile=0x2cc) returned 0x1 [0215.614] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x83b [0215.615] WriteFile (in: hFile=0x2cc, lpBuffer=0x22e5218*, nNumberOfBytesToWrite=0x2f, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22e5218*, lpNumberOfBytesWritten=0x15ecc8*=0x2f, lpOverlapped=0x0) returned 1 [0215.616] CloseHandle (hObject=0x2cc) returned 1 [0215.618] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.618] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\eHXp79eO.mp3", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\eHXp79eO.mp3", lpFilePart=0x0) returned 0x2f [0215.618] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.619] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\eHXp79eO.mp3" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\ehxp79eo.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.619] GetFileType (hFile=0x2cc) returned 0x1 [0215.619] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.619] GetFileType (hFile=0x2cc) returned 0x1 [0215.620] ReadFile (in: hFile=0x2cc, lpBuffer=0x22e6770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22e6770*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0215.620] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.620] WriteFile (in: hFile=0x2cc, lpBuffer=0x22e6770*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22e6770*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.621] CloseHandle (hObject=0x2cc) returned 1 [0215.622] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\eHXp79eO.mp3", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\eHXp79eO.mp3", lpFilePart=0x0) returned 0x2f [0215.622] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\eHXp79eO.mp3.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\eHXp79eO.mp3.rtcrypted", lpFilePart=0x0) returned 0x39 [0215.622] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.622] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\eHXp79eO.mp3" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\ehxp79eo.mp3"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd36e4690, ftCreationTime.dwHighDateTime=0x1d9b524, ftLastAccessTime.dwLowDateTime=0x14e7ed87, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x14e7ed87, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x1c81)) returned 1 [0215.623] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.623] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\eHXp79eO.mp3" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\ehxp79eo.mp3"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\eHXp79eO.mp3.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\ehxp79eo.mp3.rtcrypted")) returned 1 [0215.625] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0215.625] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0215.625] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0215.625] GetFileType (hFile=0x2cc) returned 0x1 [0215.625] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0215.626] GetFileType (hFile=0x2cc) returned 0x1 [0215.626] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x86a [0215.628] WriteFile (in: hFile=0x2cc, lpBuffer=0x22e9010*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22e9010*, lpNumberOfBytesWritten=0x15ecc8*=0x30, lpOverlapped=0x0) returned 1 [0215.628] CloseHandle (hObject=0x2cc) returned 1 [0215.630] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.630] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\EIweEXdtYapI-M.doc", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\EIweEXdtYapI-M.doc", lpFilePart=0x0) returned 0x35 [0215.630] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.631] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\EIweEXdtYapI-M.doc" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\eiweexdtyapi-m.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.631] GetFileType (hFile=0x2cc) returned 0x1 [0215.631] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.631] GetFileType (hFile=0x2cc) returned 0x1 [0215.632] ReadFile (in: hFile=0x2cc, lpBuffer=0x22ea580, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22ea580*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0215.632] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.632] WriteFile (in: hFile=0x2cc, lpBuffer=0x22ea580*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22ea580*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.633] CloseHandle (hObject=0x2cc) returned 1 [0215.639] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\EIweEXdtYapI-M.doc", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\EIweEXdtYapI-M.doc", lpFilePart=0x0) returned 0x35 [0215.639] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\EIweEXdtYapI-M.doc.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\EIweEXdtYapI-M.doc.rtcrypted", lpFilePart=0x0) returned 0x3f [0215.639] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.639] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\EIweEXdtYapI-M.doc" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\eiweexdtyapi-m.doc"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2fbdc00, ftCreationTime.dwHighDateTime=0x1d9ae9d, ftLastAccessTime.dwLowDateTime=0x14ea51ff, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x14e7ed87, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x11ba7)) returned 1 [0215.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.639] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\EIweEXdtYapI-M.doc" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\eiweexdtyapi-m.doc"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\EIweEXdtYapI-M.doc.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\eiweexdtyapi-m.doc.rtcrypted")) returned 1 [0215.641] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0215.641] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0215.642] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0215.642] GetFileType (hFile=0x2cc) returned 0x1 [0215.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0215.642] GetFileType (hFile=0x2cc) returned 0x1 [0215.642] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x89a [0215.643] WriteFile (in: hFile=0x2cc, lpBuffer=0x22ece30*, nNumberOfBytesToWrite=0x36, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22ece30*, lpNumberOfBytesWritten=0x15ecc8*=0x36, lpOverlapped=0x0) returned 1 [0215.643] CloseHandle (hObject=0x2cc) returned 1 [0215.645] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.647] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\FHPuaK.png", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\FHPuaK.png", lpFilePart=0x0) returned 0x2d [0215.647] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.647] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\FHPuaK.png" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\fhpuak.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.647] GetFileType (hFile=0x2cc) returned 0x1 [0215.647] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.647] GetFileType (hFile=0x2cc) returned 0x1 [0215.648] ReadFile (in: hFile=0x2cc, lpBuffer=0x22ee398, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22ee398*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0215.652] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.652] WriteFile (in: hFile=0x2cc, lpBuffer=0x22ee398*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22ee398*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.652] CloseHandle (hObject=0x2cc) returned 1 [0215.658] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\FHPuaK.png", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\FHPuaK.png", lpFilePart=0x0) returned 0x2d [0215.658] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\FHPuaK.png.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\FHPuaK.png.rtcrypted", lpFilePart=0x0) returned 0x37 [0215.658] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.658] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\FHPuaK.png" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\fhpuak.png"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3825050, ftCreationTime.dwHighDateTime=0x1d9b536, ftLastAccessTime.dwLowDateTime=0x14ecb353, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x14ecb353, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x9c90)) returned 1 [0215.658] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.658] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\FHPuaK.png" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\fhpuak.png"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\FHPuaK.png.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\fhpuak.png.rtcrypted")) returned 1 [0215.660] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0215.660] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0215.660] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0215.661] GetFileType (hFile=0x2cc) returned 0x1 [0215.661] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0215.661] GetFileType (hFile=0x2cc) returned 0x1 [0215.661] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x8d0 [0215.662] WriteFile (in: hFile=0x2cc, lpBuffer=0x22f0c08*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22f0c08*, lpNumberOfBytesWritten=0x15ecc8*=0x2e, lpOverlapped=0x0) returned 1 [0215.662] CloseHandle (hObject=0x2cc) returned 1 [0215.664] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.665] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\fKIJsgucmnFedTn EAkl.bmp", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\fKIJsgucmnFedTn EAkl.bmp", lpFilePart=0x0) returned 0x3b [0215.665] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.666] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\fKIJsgucmnFedTn EAkl.bmp" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\fkijsgucmnfedtn eakl.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.667] GetFileType (hFile=0x2cc) returned 0x1 [0215.667] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.667] GetFileType (hFile=0x2cc) returned 0x1 [0215.667] ReadFile (in: hFile=0x2cc, lpBuffer=0x22f21a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22f21a8*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0215.668] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.668] WriteFile (in: hFile=0x2cc, lpBuffer=0x22f21a8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22f21a8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.668] CloseHandle (hObject=0x2cc) returned 1 [0215.673] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\fKIJsgucmnFedTn EAkl.bmp", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\fKIJsgucmnFedTn EAkl.bmp", lpFilePart=0x0) returned 0x3b [0215.673] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\fKIJsgucmnFedTn EAkl.bmp.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\fKIJsgucmnFedTn EAkl.bmp.rtcrypted", lpFilePart=0x0) returned 0x45 [0215.673] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.673] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\fKIJsgucmnFedTn EAkl.bmp" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\fkijsgucmnfedtn eakl.bmp"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47ec35b0, ftCreationTime.dwHighDateTime=0x1d9aa92, ftLastAccessTime.dwLowDateTime=0x14ef1606, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x14ef1606, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x12194)) returned 1 [0215.673] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.673] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\fKIJsgucmnFedTn EAkl.bmp" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\fkijsgucmnfedtn eakl.bmp"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\fKIJsgucmnFedTn EAkl.bmp.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\fkijsgucmnfedtn eakl.bmp.rtcrypted")) returned 1 [0215.675] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0215.675] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0215.675] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0215.675] GetFileType (hFile=0x2cc) returned 0x1 [0215.675] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0215.675] GetFileType (hFile=0x2cc) returned 0x1 [0215.675] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x8fe [0215.676] WriteFile (in: hFile=0x2cc, lpBuffer=0x22f4a90*, nNumberOfBytesToWrite=0x3c, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22f4a90*, lpNumberOfBytesWritten=0x15ecc8*=0x3c, lpOverlapped=0x0) returned 1 [0215.676] CloseHandle (hObject=0x2cc) returned 1 [0215.678] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.679] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\G50O8m9fIZrG8.mp4", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\G50O8m9fIZrG8.mp4", lpFilePart=0x0) returned 0x34 [0215.679] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.679] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\G50O8m9fIZrG8.mp4" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\g50o8m9fizrg8.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.680] GetFileType (hFile=0x2cc) returned 0x1 [0215.680] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.680] GetFileType (hFile=0x2cc) returned 0x1 [0215.681] ReadFile (in: hFile=0x2cc, lpBuffer=0x22f6018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22f6018*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0215.681] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.681] WriteFile (in: hFile=0x2cc, lpBuffer=0x22f6018*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22f6018*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.683] CloseHandle (hObject=0x2cc) returned 1 [0215.688] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\G50O8m9fIZrG8.mp4", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\G50O8m9fIZrG8.mp4", lpFilePart=0x0) returned 0x34 [0215.688] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\G50O8m9fIZrG8.mp4.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\G50O8m9fIZrG8.mp4.rtcrypted", lpFilePart=0x0) returned 0x3e [0215.688] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.688] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\G50O8m9fIZrG8.mp4" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\g50o8m9fizrg8.mp4"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1a68480, ftCreationTime.dwHighDateTime=0x1d9afb6, ftLastAccessTime.dwLowDateTime=0x14f1761e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x14f1761e, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x1279d)) returned 1 [0215.688] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.688] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\G50O8m9fIZrG8.mp4" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\g50o8m9fizrg8.mp4"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\G50O8m9fIZrG8.mp4.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\g50o8m9fizrg8.mp4.rtcrypted")) returned 1 [0215.690] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0215.690] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0215.690] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0215.691] GetFileType (hFile=0x2cc) returned 0x1 [0215.691] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0215.691] GetFileType (hFile=0x2cc) returned 0x1 [0215.691] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x93a [0215.692] WriteFile (in: hFile=0x2cc, lpBuffer=0x22f88c8*, nNumberOfBytesToWrite=0x35, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22f88c8*, lpNumberOfBytesWritten=0x15ecc8*=0x35, lpOverlapped=0x0) returned 1 [0215.692] CloseHandle (hObject=0x2cc) returned 1 [0215.694] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.695] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\MfGYDk9Y.ppt", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\MfGYDk9Y.ppt", lpFilePart=0x0) returned 0x2f [0215.695] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.695] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\MfGYDk9Y.ppt" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\mfgydk9y.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.695] GetFileType (hFile=0x2cc) returned 0x1 [0215.695] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.696] GetFileType (hFile=0x2cc) returned 0x1 [0215.696] ReadFile (in: hFile=0x2cc, lpBuffer=0x22f9e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22f9e38*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0215.717] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.717] WriteFile (in: hFile=0x2cc, lpBuffer=0x22f9e38*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22f9e38*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.717] CloseHandle (hObject=0x2cc) returned 1 [0215.723] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\MfGYDk9Y.ppt", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\MfGYDk9Y.ppt", lpFilePart=0x0) returned 0x2f [0215.723] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\MfGYDk9Y.ppt.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\MfGYDk9Y.ppt.rtcrypted", lpFilePart=0x0) returned 0x39 [0215.723] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.723] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\MfGYDk9Y.ppt" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\mfgydk9y.ppt"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63d40e90, ftCreationTime.dwHighDateTime=0x1d9a670, ftLastAccessTime.dwLowDateTime=0x14f63d12, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x14f63d12, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x12b5a)) returned 1 [0215.724] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.724] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\MfGYDk9Y.ppt" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\mfgydk9y.ppt"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\MfGYDk9Y.ppt.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\mfgydk9y.ppt.rtcrypted")) returned 1 [0215.725] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0215.725] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0215.726] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0215.726] GetFileType (hFile=0x2cc) returned 0x1 [0215.726] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0215.726] GetFileType (hFile=0x2cc) returned 0x1 [0215.726] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x96f [0215.727] WriteFile (in: hFile=0x2cc, lpBuffer=0x22fc6c0*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22fc6c0*, lpNumberOfBytesWritten=0x15ecc8*=0x30, lpOverlapped=0x0) returned 1 [0215.727] CloseHandle (hObject=0x2cc) returned 1 [0215.730] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.730] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\MV73nxGICe.jpg", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\MV73nxGICe.jpg", lpFilePart=0x0) returned 0x31 [0215.731] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.731] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\MV73nxGICe.jpg" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\mv73nxgice.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.731] GetFileType (hFile=0x2cc) returned 0x1 [0215.731] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.731] GetFileType (hFile=0x2cc) returned 0x1 [0215.732] ReadFile (in: hFile=0x2cc, lpBuffer=0x22fdc38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22fdc38*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0215.733] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.733] WriteFile (in: hFile=0x2cc, lpBuffer=0x22fdc38*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22fdc38*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.733] CloseHandle (hObject=0x2cc) returned 1 [0215.737] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\MV73nxGICe.jpg", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\MV73nxGICe.jpg", lpFilePart=0x0) returned 0x31 [0215.737] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\MV73nxGICe.jpg.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\MV73nxGICe.jpg.rtcrypted", lpFilePart=0x0) returned 0x3b [0215.737] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.737] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\MV73nxGICe.jpg" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\mv73nxgice.jpg"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85867a60, ftCreationTime.dwHighDateTime=0x1d9a5ca, ftLastAccessTime.dwLowDateTime=0x14f8a400, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x14f8a400, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0xa92a)) returned 1 [0215.737] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.737] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\MV73nxGICe.jpg" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\mv73nxgice.jpg"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\MV73nxGICe.jpg.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\mv73nxgice.jpg.rtcrypted")) returned 1 [0215.739] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0215.739] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0215.739] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0215.739] GetFileType (hFile=0x2cc) returned 0x1 [0215.739] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0215.740] GetFileType (hFile=0x2cc) returned 0x1 [0215.740] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x99f [0215.742] WriteFile (in: hFile=0x2cc, lpBuffer=0x23004e0*, nNumberOfBytesToWrite=0x32, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x23004e0*, lpNumberOfBytesWritten=0x15ecc8*=0x32, lpOverlapped=0x0) returned 1 [0215.742] CloseHandle (hObject=0x2cc) returned 1 [0215.745] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.746] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\nE3j.mp3", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\nE3j.mp3", lpFilePart=0x0) returned 0x2b [0215.746] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.746] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\nE3j.mp3" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\ne3j.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.746] GetFileType (hFile=0x2cc) returned 0x1 [0215.746] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.746] GetFileType (hFile=0x2cc) returned 0x1 [0215.809] ReadFile (in: hFile=0x2cc, lpBuffer=0x211aef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x211aef8*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0215.810] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.810] WriteFile (in: hFile=0x2cc, lpBuffer=0x211aef8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x211aef8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.810] CloseHandle (hObject=0x2cc) returned 1 [0215.813] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\nE3j.mp3", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\nE3j.mp3", lpFilePart=0x0) returned 0x2b [0215.813] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\nE3j.mp3.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\nE3j.mp3.rtcrypted", lpFilePart=0x0) returned 0x35 [0215.813] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.813] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\nE3j.mp3" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\ne3j.mp3"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x995554c0, ftCreationTime.dwHighDateTime=0x1d9acd8, ftLastAccessTime.dwLowDateTime=0x150489b9, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x150489b9, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0xb705)) returned 1 [0215.814] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.814] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\nE3j.mp3" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\ne3j.mp3"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\nE3j.mp3.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\ne3j.mp3.rtcrypted")) returned 1 [0215.815] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0215.816] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0215.816] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0215.816] GetFileType (hFile=0x2cc) returned 0x1 [0215.817] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0215.817] GetFileType (hFile=0x2cc) returned 0x1 [0215.817] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x9d1 [0215.817] WriteFile (in: hFile=0x2cc, lpBuffer=0x211d978*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x211d978*, lpNumberOfBytesWritten=0x15ecc8*=0x2c, lpOverlapped=0x0) returned 1 [0215.818] CloseHandle (hObject=0x2cc) returned 1 [0215.820] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.820] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\OTMBVrH.mp4", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\OTMBVrH.mp4", lpFilePart=0x0) returned 0x2e [0215.820] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.821] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\OTMBVrH.mp4" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\otmbvrh.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.821] GetFileType (hFile=0x2cc) returned 0x1 [0215.821] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.821] GetFileType (hFile=0x2cc) returned 0x1 [0215.822] ReadFile (in: hFile=0x2cc, lpBuffer=0x211eee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x211eee0*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0215.824] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.825] WriteFile (in: hFile=0x2cc, lpBuffer=0x211eee0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x211eee0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.825] CloseHandle (hObject=0x2cc) returned 1 [0215.830] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\OTMBVrH.mp4", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\OTMBVrH.mp4", lpFilePart=0x0) returned 0x2e [0215.830] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\OTMBVrH.mp4.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\OTMBVrH.mp4.rtcrypted", lpFilePart=0x0) returned 0x38 [0215.830] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.830] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\OTMBVrH.mp4" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\otmbvrh.mp4"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6a47b50, ftCreationTime.dwHighDateTime=0x1d9b3ff, ftLastAccessTime.dwLowDateTime=0x1506ec3d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1506ec3d, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x16688)) returned 1 [0215.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.831] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\OTMBVrH.mp4" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\otmbvrh.mp4"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\OTMBVrH.mp4.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\otmbvrh.mp4.rtcrypted")) returned 1 [0215.832] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0215.832] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0215.833] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0215.833] GetFileType (hFile=0x2cc) returned 0x1 [0215.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0215.833] GetFileType (hFile=0x2cc) returned 0x1 [0215.833] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x9fd [0215.834] WriteFile (in: hFile=0x2cc, lpBuffer=0x2121760*, nNumberOfBytesToWrite=0x2f, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2121760*, lpNumberOfBytesWritten=0x15ecc8*=0x2f, lpOverlapped=0x0) returned 1 [0215.834] CloseHandle (hObject=0x2cc) returned 1 [0215.836] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.837] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\OvLGXdJo_8CMQ.doc", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\OvLGXdJo_8CMQ.doc", lpFilePart=0x0) returned 0x34 [0215.837] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.837] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\OvLGXdJo_8CMQ.doc" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\ovlgxdjo_8cmq.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.838] GetFileType (hFile=0x2cc) returned 0x1 [0215.838] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.839] GetFileType (hFile=0x2cc) returned 0x1 [0215.839] ReadFile (in: hFile=0x2cc, lpBuffer=0x2122ce8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2122ce8*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0215.840] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.840] WriteFile (in: hFile=0x2cc, lpBuffer=0x2122ce8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2122ce8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.840] CloseHandle (hObject=0x2cc) returned 1 [0215.844] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\OvLGXdJo_8CMQ.doc", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\OvLGXdJo_8CMQ.doc", lpFilePart=0x0) returned 0x34 [0215.844] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\OvLGXdJo_8CMQ.doc.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\OvLGXdJo_8CMQ.doc.rtcrypted", lpFilePart=0x0) returned 0x3e [0215.844] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.844] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\OvLGXdJo_8CMQ.doc" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\ovlgxdjo_8cmq.doc"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83036450, ftCreationTime.dwHighDateTime=0x1d9aa30, ftLastAccessTime.dwLowDateTime=0x15094f9f, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x15094f9f, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x712d)) returned 1 [0215.844] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.844] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\OvLGXdJo_8CMQ.doc" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\ovlgxdjo_8cmq.doc"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\OvLGXdJo_8CMQ.doc.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\ovlgxdjo_8cmq.doc.rtcrypted")) returned 1 [0215.847] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0215.847] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0215.847] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0215.848] GetFileType (hFile=0x2cc) returned 0x1 [0215.848] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0215.848] GetFileType (hFile=0x2cc) returned 0x1 [0215.848] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0xa2c [0215.848] WriteFile (in: hFile=0x2cc, lpBuffer=0x2125598*, nNumberOfBytesToWrite=0x35, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2125598*, lpNumberOfBytesWritten=0x15ecc8*=0x35, lpOverlapped=0x0) returned 1 [0215.849] CloseHandle (hObject=0x2cc) returned 1 [0215.851] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.851] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\P4nhTG-oMiEDYv2EH.png", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\P4nhTG-oMiEDYv2EH.png", lpFilePart=0x0) returned 0x38 [0215.851] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.852] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\P4nhTG-oMiEDYv2EH.png" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\p4nhtg-omiedyv2eh.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.852] GetFileType (hFile=0x2cc) returned 0x1 [0215.852] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.852] GetFileType (hFile=0x2cc) returned 0x1 [0215.853] ReadFile (in: hFile=0x2cc, lpBuffer=0x2126b30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2126b30*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0215.892] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.892] WriteFile (in: hFile=0x2cc, lpBuffer=0x2126b30*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2126b30*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.893] CloseHandle (hObject=0x2cc) returned 1 [0215.896] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\P4nhTG-oMiEDYv2EH.png", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\P4nhTG-oMiEDYv2EH.png", lpFilePart=0x0) returned 0x38 [0215.897] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\P4nhTG-oMiEDYv2EH.png.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\P4nhTG-oMiEDYv2EH.png.rtcrypted", lpFilePart=0x0) returned 0x42 [0215.897] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.897] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\P4nhTG-oMiEDYv2EH.png" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\p4nhtg-omiedyv2eh.png"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc18c1a40, ftCreationTime.dwHighDateTime=0x1d9adc4, ftLastAccessTime.dwLowDateTime=0x1510960f, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1510960f, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x1234e)) returned 1 [0215.897] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.897] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\P4nhTG-oMiEDYv2EH.png" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\p4nhtg-omiedyv2eh.png"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\P4nhTG-oMiEDYv2EH.png.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\p4nhtg-omiedyv2eh.png.rtcrypted")) returned 1 [0215.900] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0215.900] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0215.901] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0215.901] GetFileType (hFile=0x2cc) returned 0x1 [0215.901] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0215.901] GetFileType (hFile=0x2cc) returned 0x1 [0215.901] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0xa61 [0215.902] WriteFile (in: hFile=0x2cc, lpBuffer=0x2129400*, nNumberOfBytesToWrite=0x39, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2129400*, lpNumberOfBytesWritten=0x15ecc8*=0x39, lpOverlapped=0x0) returned 1 [0215.902] CloseHandle (hObject=0x2cc) returned 1 [0215.904] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.905] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\snzDMqSsgLa.docx", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\snzDMqSsgLa.docx", lpFilePart=0x0) returned 0x33 [0215.905] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.905] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\snzDMqSsgLa.docx" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\snzdmqssgla.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.905] GetFileType (hFile=0x2cc) returned 0x1 [0215.905] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.906] GetFileType (hFile=0x2cc) returned 0x1 [0215.906] ReadFile (in: hFile=0x2cc, lpBuffer=0x212a980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x212a980*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0215.906] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.907] WriteFile (in: hFile=0x2cc, lpBuffer=0x212a980*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x212a980*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.907] CloseHandle (hObject=0x2cc) returned 1 [0215.909] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\snzDMqSsgLa.docx", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\snzDMqSsgLa.docx", lpFilePart=0x0) returned 0x33 [0215.909] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\snzDMqSsgLa.docx.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\snzDMqSsgLa.docx.rtcrypted", lpFilePart=0x0) returned 0x3d [0215.910] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.910] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\snzDMqSsgLa.docx" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\snzdmqssgla.docx"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb9e8ce60, ftCreationTime.dwHighDateTime=0x1d9ae27, ftLastAccessTime.dwLowDateTime=0x1512d5db, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1512d5db, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x8c79)) returned 1 [0215.910] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.910] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\snzDMqSsgLa.docx" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\snzdmqssgla.docx"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\snzDMqSsgLa.docx.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\snzdmqssgla.docx.rtcrypted")) returned 1 [0215.911] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0215.911] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0215.912] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0215.912] GetFileType (hFile=0x2cc) returned 0x1 [0215.912] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0215.912] GetFileType (hFile=0x2cc) returned 0x1 [0215.912] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0xa9a [0215.912] WriteFile (in: hFile=0x2cc, lpBuffer=0x212d228*, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x212d228*, lpNumberOfBytesWritten=0x15ecc8*=0x34, lpOverlapped=0x0) returned 1 [0215.913] CloseHandle (hObject=0x2cc) returned 1 [0215.914] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.914] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\_tsyATtiMqRdse.mp3", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\_tsyATtiMqRdse.mp3", lpFilePart=0x0) returned 0x35 [0215.915] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.915] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\_tsyATtiMqRdse.mp3" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\_tsyattimqrdse.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.915] GetFileType (hFile=0x2cc) returned 0x1 [0215.915] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.915] GetFileType (hFile=0x2cc) returned 0x1 [0215.915] ReadFile (in: hFile=0x2cc, lpBuffer=0x212e7b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x212e7b0*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0215.927] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.928] WriteFile (in: hFile=0x2cc, lpBuffer=0x212e7b0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x212e7b0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.928] CloseHandle (hObject=0x2cc) returned 1 [0215.933] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\_tsyATtiMqRdse.mp3", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\_tsyATtiMqRdse.mp3", lpFilePart=0x0) returned 0x35 [0215.933] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\_tsyATtiMqRdse.mp3.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\_tsyATtiMqRdse.mp3.rtcrypted", lpFilePart=0x0) returned 0x3f [0215.933] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.933] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\_tsyATtiMqRdse.mp3" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\_tsyattimqrdse.mp3"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29901350, ftCreationTime.dwHighDateTime=0x1d9b1e7, ftLastAccessTime.dwLowDateTime=0x1516a256, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1516a256, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x18e72)) returned 1 [0215.934] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.934] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\_tsyATtiMqRdse.mp3" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\_tsyattimqrdse.mp3"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\_tsyATtiMqRdse.mp3.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\_tsyattimqrdse.mp3.rtcrypted")) returned 1 [0215.935] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0215.935] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0215.936] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0215.936] GetFileType (hFile=0x2cc) returned 0x1 [0215.936] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0215.936] GetFileType (hFile=0x2cc) returned 0x1 [0215.936] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0xace [0215.937] WriteFile (in: hFile=0x2cc, lpBuffer=0x2131060*, nNumberOfBytesToWrite=0x36, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2131060*, lpNumberOfBytesWritten=0x15ecc8*=0x36, lpOverlapped=0x0) returned 1 [0215.937] CloseHandle (hObject=0x2cc) returned 1 [0215.939] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0215.939] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\__elk.ppt", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\__elk.ppt", lpFilePart=0x0) returned 0x2c [0215.939] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0215.940] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\__elk.ppt" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\__elk.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0215.940] GetFileType (hFile=0x2cc) returned 0x1 [0215.940] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0215.940] GetFileType (hFile=0x2cc) returned 0x1 [0215.940] ReadFile (in: hFile=0x2cc, lpBuffer=0x21325c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21325c8*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0215.983] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0215.983] WriteFile (in: hFile=0x2cc, lpBuffer=0x21325c8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21325c8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0215.983] CloseHandle (hObject=0x2cc) returned 1 [0215.987] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\__elk.ppt", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\__elk.ppt", lpFilePart=0x0) returned 0x2c [0215.987] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\__elk.ppt.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\__elk.ppt.rtcrypted", lpFilePart=0x0) returned 0x36 [0215.987] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0215.988] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\__elk.ppt" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\__elk.ppt"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3fee08c0, ftCreationTime.dwHighDateTime=0x1d9b1bd, ftLastAccessTime.dwLowDateTime=0x151ec3fe, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x151ec3fe, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0xed87)) returned 1 [0215.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0215.988] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\__elk.ppt" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\__elk.ppt"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\__elk.ppt.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\__elk.ppt.rtcrypted")) returned 1 [0216.070] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0216.070] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0216.071] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0216.071] GetFileType (hFile=0x2cc) returned 0x1 [0216.071] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0216.071] GetFileType (hFile=0x2cc) returned 0x1 [0216.071] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0xb04 [0216.072] WriteFile (in: hFile=0x2cc, lpBuffer=0x2174e28*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2174e28*, lpNumberOfBytesWritten=0x15ecc8*=0x2d, lpOverlapped=0x0) returned 1 [0216.073] CloseHandle (hObject=0x2cc) returned 1 [0216.076] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0216.076] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Edge.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Edge.lnk", lpFilePart=0x0) returned 0x5e [0216.076] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0216.077] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Edge.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\microsoft edge.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0216.077] GetFileType (hFile=0x2cc) returned 0x1 [0216.078] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0216.078] GetFileType (hFile=0x2cc) returned 0x1 [0216.078] ReadFile (in: hFile=0x2cc, lpBuffer=0x2176400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2176400*, lpNumberOfBytesRead=0x15edd8*=0x939, lpOverlapped=0x0) returned 1 [0216.083] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0216.083] WriteFile (in: hFile=0x2cc, lpBuffer=0x2176400*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2176400*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0216.084] CloseHandle (hObject=0x2cc) returned 1 [0216.085] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Edge.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Edge.lnk", lpFilePart=0x0) returned 0x5e [0216.085] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Edge.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Edge.lnk.rtcrypted", lpFilePart=0x0) returned 0x68 [0216.085] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0216.085] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Edge.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\microsoft edge.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a690777, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x152d0ee6, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x152d0ee6, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x939)) returned 1 [0216.086] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0216.086] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Edge.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\microsoft edge.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Edge.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\microsoft edge.lnk.rtcrypted")) returned 1 [0216.087] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0216.088] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0216.089] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0216.089] GetFileType (hFile=0x2cc) returned 0x1 [0216.089] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0216.089] GetFileType (hFile=0x2cc) returned 0x1 [0216.089] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0xb31 [0216.090] WriteFile (in: hFile=0x2cc, lpBuffer=0x2178e00*, nNumberOfBytesToWrite=0x5f, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2178e00*, lpNumberOfBytesWritten=0x15ecc8*=0x5f, lpOverlapped=0x0) returned 1 [0216.090] CloseHandle (hObject=0x2cc) returned 1 [0216.091] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0216.092] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk", lpFilePart=0x0) returned 0x5d [0216.092] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0216.092] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0216.093] GetFileType (hFile=0x2cc) returned 0x1 [0216.093] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0216.093] GetFileType (hFile=0x2cc) returned 0x1 [0216.093] ReadFile (in: hFile=0x2cc, lpBuffer=0x217a3d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x217a3d8*, lpNumberOfBytesRead=0x15edd8*=0x160, lpOverlapped=0x0) returned 1 [0216.096] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0216.096] WriteFile (in: hFile=0x2cc, lpBuffer=0x217a3d8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x217a3d8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0216.096] CloseHandle (hObject=0x2cc) returned 1 [0216.097] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk", lpFilePart=0x0) returned 0x5d [0216.097] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk.rtcrypted", lpFilePart=0x0) returned 0x67 [0216.097] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0216.097] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32cd4669, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x152f7373, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x152f7373, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x160)) returned 1 [0216.097] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0216.097] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk.rtcrypted")) returned 1 [0216.099] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0216.099] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0216.099] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0216.100] GetFileType (hFile=0x2cc) returned 0x1 [0216.100] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0216.100] GetFileType (hFile=0x2cc) returned 0x1 [0216.100] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0xb90 [0216.100] WriteFile (in: hFile=0x2cc, lpBuffer=0x217cdc8*, nNumberOfBytesToWrite=0x5e, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x217cdc8*, lpNumberOfBytesWritten=0x15ecc8*=0x5e, lpOverlapped=0x0) returned 1 [0216.101] CloseHandle (hObject=0x2cc) returned 1 [0216.102] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0216.103] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk", lpFilePart=0x0) returned 0x5f [0216.103] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0216.103] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0216.104] GetFileType (hFile=0x2cc) returned 0x1 [0216.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0216.104] GetFileType (hFile=0x2cc) returned 0x1 [0216.105] ReadFile (in: hFile=0x2cc, lpBuffer=0x217e3a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x217e3a0*, lpNumberOfBytesRead=0x15edd8*=0x14e, lpOverlapped=0x0) returned 1 [0216.273] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0216.274] WriteFile (in: hFile=0x2cc, lpBuffer=0x217e3a0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x217e3a0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0216.274] CloseHandle (hObject=0x2cc) returned 1 [0216.275] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk", lpFilePart=0x0) returned 0x5f [0216.275] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk.rtcrypted", lpFilePart=0x0) returned 0x69 [0216.275] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0216.275] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32cae1ee, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x1549abb7, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1549abb7, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x14e)) returned 1 [0216.279] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0216.279] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk.rtcrypted")) returned 1 [0216.282] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0216.282] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0216.282] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0216.283] GetFileType (hFile=0x2cc) returned 0x1 [0216.283] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0216.283] GetFileType (hFile=0x2cc) returned 0x1 [0216.283] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0xbee [0216.283] WriteFile (in: hFile=0x2cc, lpBuffer=0x2180da8*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2180da8*, lpNumberOfBytesWritten=0x15ecc8*=0x60, lpOverlapped=0x0) returned 1 [0216.284] CloseHandle (hObject=0x2cc) returned 1 [0216.286] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0216.287] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk", lpFilePart=0x0) returned 0x71 [0216.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0216.287] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\file explorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0216.287] GetFileType (hFile=0x2cc) returned 0x1 [0216.287] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0216.287] GetFileType (hFile=0x2cc) returned 0x1 [0216.288] ReadFile (in: hFile=0x2cc, lpBuffer=0x21823a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21823a8*, lpNumberOfBytesRead=0x15edd8*=0x197, lpOverlapped=0x0) returned 1 [0216.289] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0216.289] WriteFile (in: hFile=0x2cc, lpBuffer=0x21823a8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21823a8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0216.290] CloseHandle (hObject=0x2cc) returned 1 [0216.305] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk", lpFilePart=0x0) returned 0x71 [0216.305] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk.rtcrypted", lpFilePart=0x0) returned 0x7b [0216.305] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0216.305] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\file explorer.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6771075a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x154c959b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x154c959b, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x197)) returned 1 [0216.306] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0216.306] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\file explorer.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\file explorer.lnk.rtcrypted")) returned 1 [0216.310] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0216.311] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0216.311] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0216.311] GetFileType (hFile=0x2cc) returned 0x1 [0216.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0216.312] GetFileType (hFile=0x2cc) returned 0x1 [0216.312] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0xc4e [0216.312] WriteFile (in: hFile=0x2cc, lpBuffer=0x2184e38*, nNumberOfBytesToWrite=0x72, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2184e38*, lpNumberOfBytesWritten=0x15ecc8*=0x72, lpOverlapped=0x0) returned 1 [0216.312] CloseHandle (hObject=0x2cc) returned 1 [0216.316] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0216.317] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk", lpFilePart=0x0) returned 0x6b [0216.317] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0216.317] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\firefox.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0216.318] GetFileType (hFile=0x2cc) returned 0x1 [0216.318] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0216.318] GetFileType (hFile=0x2cc) returned 0x1 [0216.318] ReadFile (in: hFile=0x2cc, lpBuffer=0x2186418, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2186418*, lpNumberOfBytesRead=0x15edd8*=0x3f3, lpOverlapped=0x0) returned 1 [0216.320] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0216.320] WriteFile (in: hFile=0x2cc, lpBuffer=0x2186418*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2186418*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0216.321] CloseHandle (hObject=0x2cc) returned 1 [0216.323] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk", lpFilePart=0x0) returned 0x6b [0216.323] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk.rtcrypted", lpFilePart=0x0) returned 0x75 [0216.323] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0216.323] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\firefox.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x945a0c62, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x1550cf36, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1550cf36, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3f3)) returned 1 [0216.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0216.324] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\firefox.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\firefox.lnk.rtcrypted")) returned 1 [0216.325] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0216.325] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0216.326] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0216.326] GetFileType (hFile=0x2cc) returned 0x1 [0216.326] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0216.326] GetFileType (hFile=0x2cc) returned 0x1 [0216.326] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0xcc0 [0216.327] WriteFile (in: hFile=0x2cc, lpBuffer=0x2188e80*, nNumberOfBytesToWrite=0x6c, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2188e80*, lpNumberOfBytesWritten=0x15ecc8*=0x6c, lpOverlapped=0x0) returned 1 [0216.327] CloseHandle (hObject=0x2cc) returned 1 [0216.335] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0216.336] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk", lpFilePart=0x0) returned 0x72 [0216.336] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0216.336] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\microsoft edge.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0216.336] GetFileType (hFile=0x2cc) returned 0x1 [0216.337] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0216.337] GetFileType (hFile=0x2cc) returned 0x1 [0216.337] ReadFile (in: hFile=0x2cc, lpBuffer=0x218a480, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x218a480*, lpNumberOfBytesRead=0x15edd8*=0x97b, lpOverlapped=0x0) returned 1 [0216.444] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0216.444] WriteFile (in: hFile=0x2cc, lpBuffer=0x218a480*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x218a480*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0216.445] CloseHandle (hObject=0x2cc) returned 1 [0216.575] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk", lpFilePart=0x0) returned 0x72 [0216.575] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk.rtcrypted", lpFilePart=0x0) returned 0x7c [0216.575] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0216.575] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\microsoft edge.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7d22462f, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x1563e300, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1563e300, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x97b)) returned 1 [0216.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0216.576] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\microsoft edge.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\microsoft edge.lnk.rtcrypted")) returned 1 [0216.641] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0216.641] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0216.641] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0216.641] GetFileType (hFile=0x2cc) returned 0x1 [0216.641] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0216.642] GetFileType (hFile=0x2cc) returned 0x1 [0216.642] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0xd2c [0216.642] WriteFile (in: hFile=0x2cc, lpBuffer=0x218cf20*, nNumberOfBytesToWrite=0x73, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x218cf20*, lpNumberOfBytesWritten=0x15ecc8*=0x73, lpOverlapped=0x0) returned 1 [0216.642] CloseHandle (hObject=0x2cc) returned 1 [0216.644] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0216.645] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\PowerShell\\PSReadLine\\ConsoleHost_history.txt", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\PowerShell\\PSReadLine\\ConsoleHost_history.txt", lpFilePart=0x0) returned 0x62 [0216.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0216.645] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\PowerShell\\PSReadLine\\ConsoleHost_history.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\powershell\\psreadline\\consolehost_history.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0216.646] GetFileType (hFile=0x2cc) returned 0x1 [0216.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0216.646] GetFileType (hFile=0x2cc) returned 0x1 [0216.646] ReadFile (in: hFile=0x2cc, lpBuffer=0x218e508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x218e508*, lpNumberOfBytesRead=0x15edd8*=0x50, lpOverlapped=0x0) returned 1 [0216.649] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0216.649] WriteFile (in: hFile=0x2cc, lpBuffer=0x218e508*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x218e508*, lpNumberOfBytesWritten=0x15edb8*=0x50, lpOverlapped=0x0) returned 1 [0216.649] CloseHandle (hObject=0x2cc) returned 1 [0216.651] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\PowerShell\\PSReadLine\\ConsoleHost_history.txt", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\PowerShell\\PSReadLine\\ConsoleHost_history.txt", lpFilePart=0x0) returned 0x62 [0216.651] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\PowerShell\\PSReadLine\\ConsoleHost_history.txt.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\PowerShell\\PSReadLine\\ConsoleHost_history.txt.rtcrypted", lpFilePart=0x0) returned 0x6c [0216.651] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0216.651] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\PowerShell\\PSReadLine\\ConsoleHost_history.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\powershell\\psreadline\\consolehost_history.txt"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1fc2682, ftCreationTime.dwHighDateTime=0x1d942b2, ftLastAccessTime.dwLowDateTime=0x1582e700, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1582e700, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x50)) returned 1 [0216.652] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0216.652] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\PowerShell\\PSReadLine\\ConsoleHost_history.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\powershell\\psreadline\\consolehost_history.txt"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\PowerShell\\PSReadLine\\ConsoleHost_history.txt.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\powershell\\psreadline\\consolehost_history.txt.rtcrypted")) returned 1 [0216.653] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0216.653] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0216.653] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0216.654] GetFileType (hFile=0x2cc) returned 0x1 [0216.654] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0216.654] GetFileType (hFile=0x2cc) returned 0x1 [0216.654] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0xd9f [0216.654] WriteFile (in: hFile=0x2cc, lpBuffer=0x2190f28*, nNumberOfBytesToWrite=0x63, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2190f28*, lpNumberOfBytesWritten=0x15ecc8*=0x63, lpOverlapped=0x0) returned 1 [0216.654] CloseHandle (hObject=0x2cc) returned 1 [0216.657] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0216.657] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-5Ui6BLg2cDEZ1aGZI_.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-5Ui6BLg2cDEZ1aGZI_.lnk", lpFilePart=0x0) returned 0x53 [0216.657] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0216.657] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-5Ui6BLg2cDEZ1aGZI_.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\-5ui6blg2cdez1agzi_.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0216.658] GetFileType (hFile=0x2cc) returned 0x1 [0216.658] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0216.658] GetFileType (hFile=0x2cc) returned 0x1 [0216.658] ReadFile (in: hFile=0x2cc, lpBuffer=0x21924f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21924f0*, lpNumberOfBytesRead=0x15edd8*=0x55a, lpOverlapped=0x0) returned 1 [0216.658] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0216.659] WriteFile (in: hFile=0x2cc, lpBuffer=0x21924f0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21924f0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0216.659] CloseHandle (hObject=0x2cc) returned 1 [0216.660] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-5Ui6BLg2cDEZ1aGZI_.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-5Ui6BLg2cDEZ1aGZI_.lnk", lpFilePart=0x0) returned 0x53 [0216.660] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-5Ui6BLg2cDEZ1aGZI_.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-5Ui6BLg2cDEZ1aGZI_.lnk.rtcrypted", lpFilePart=0x0) returned 0x5d [0216.660] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0216.660] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-5Ui6BLg2cDEZ1aGZI_.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\-5ui6blg2cdez1agzi_.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdbd3a1fb, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x15854871, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x15854871, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x55a)) returned 1 [0216.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0216.660] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-5Ui6BLg2cDEZ1aGZI_.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\-5ui6blg2cdez1agzi_.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-5Ui6BLg2cDEZ1aGZI_.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\-5ui6blg2cdez1agzi_.lnk.rtcrypted")) returned 1 [0216.662] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0216.662] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0216.663] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0216.663] GetFileType (hFile=0x2cc) returned 0x1 [0216.663] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0216.663] GetFileType (hFile=0x2cc) returned 0x1 [0216.663] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0xe02 [0216.664] WriteFile (in: hFile=0x2cc, lpBuffer=0x2194e98*, nNumberOfBytesToWrite=0x54, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2194e98*, lpNumberOfBytesWritten=0x15ecc8*=0x54, lpOverlapped=0x0) returned 1 [0216.664] CloseHandle (hObject=0x2cc) returned 1 [0216.666] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0216.666] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-6JvN5S1cqNGvPDY.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-6JvN5S1cqNGvPDY.lnk", lpFilePart=0x0) returned 0x50 [0216.666] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0216.667] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-6JvN5S1cqNGvPDY.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\-6jvn5s1cqngvpdy.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0216.667] GetFileType (hFile=0x2cc) returned 0x1 [0216.667] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0216.667] GetFileType (hFile=0x2cc) returned 0x1 [0216.667] ReadFile (in: hFile=0x2cc, lpBuffer=0x2196460, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2196460*, lpNumberOfBytesRead=0x15edd8*=0x39e, lpOverlapped=0x0) returned 1 [0216.668] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0216.668] WriteFile (in: hFile=0x2cc, lpBuffer=0x2196460*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2196460*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0216.668] CloseHandle (hObject=0x2cc) returned 1 [0216.778] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-6JvN5S1cqNGvPDY.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-6JvN5S1cqNGvPDY.lnk", lpFilePart=0x0) returned 0x50 [0216.778] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-6JvN5S1cqNGvPDY.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-6JvN5S1cqNGvPDY.lnk.rtcrypted", lpFilePart=0x0) returned 0x5a [0216.778] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0216.778] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-6JvN5S1cqNGvPDY.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\-6jvn5s1cqngvpdy.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0356707, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x15854871, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x15854871, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x39e)) returned 1 [0216.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0216.778] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-6JvN5S1cqNGvPDY.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\-6jvn5s1cqngvpdy.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-6JvN5S1cqNGvPDY.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\-6jvn5s1cqngvpdy.lnk.rtcrypted")) returned 1 [0216.779] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0216.779] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0216.780] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0216.780] GetFileType (hFile=0x2cc) returned 0x1 [0216.780] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0216.780] GetFileType (hFile=0x2cc) returned 0x1 [0216.780] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0xe56 [0216.781] WriteFile (in: hFile=0x2cc, lpBuffer=0x21d4518*, nNumberOfBytesToWrite=0x51, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21d4518*, lpNumberOfBytesWritten=0x15ecc8*=0x51, lpOverlapped=0x0) returned 1 [0216.781] CloseHandle (hObject=0x2cc) returned 1 [0216.783] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0216.783] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-mUkc.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-mUkc.lnk", lpFilePart=0x0) returned 0x45 [0216.784] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0216.784] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-mUkc.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\-mukc.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0216.784] GetFileType (hFile=0x2cc) returned 0x1 [0216.784] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0216.784] GetFileType (hFile=0x2cc) returned 0x1 [0216.784] ReadFile (in: hFile=0x2cc, lpBuffer=0x21d5a98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21d5a98*, lpNumberOfBytesRead=0x15edd8*=0x226, lpOverlapped=0x0) returned 1 [0216.785] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0216.785] WriteFile (in: hFile=0x2cc, lpBuffer=0x21d5a98*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21d5a98*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0216.785] CloseHandle (hObject=0x2cc) returned 1 [0216.786] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-mUkc.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-mUkc.lnk", lpFilePart=0x0) returned 0x45 [0216.786] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-mUkc.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-mUkc.lnk.rtcrypted", lpFilePart=0x0) returned 0x4f [0216.786] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0216.786] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-mUkc.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\-mukc.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d16ca25, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x15985b87, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x15985b87, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x226)) returned 1 [0216.787] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0216.787] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-mUkc.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\-mukc.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-mUkc.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\-mukc.lnk.rtcrypted")) returned 1 [0216.788] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0216.788] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0216.789] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0216.789] GetFileType (hFile=0x2cc) returned 0x1 [0216.789] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0216.789] GetFileType (hFile=0x2cc) returned 0x1 [0216.789] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0xea7 [0216.790] WriteFile (in: hFile=0x2cc, lpBuffer=0x21d83e0*, nNumberOfBytesToWrite=0x46, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21d83e0*, lpNumberOfBytesWritten=0x15ecc8*=0x46, lpOverlapped=0x0) returned 1 [0216.790] CloseHandle (hObject=0x2cc) returned 1 [0216.794] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0216.795] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-TpGaKVbHa97zgS.ppt.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-TpGaKVbHa97zgS.ppt.lnk", lpFilePart=0x0) returned 0x53 [0216.795] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0216.795] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-TpGaKVbHa97zgS.ppt.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\-tpgakvbha97zgs.ppt.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0216.796] GetFileType (hFile=0x2cc) returned 0x1 [0216.796] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0216.796] GetFileType (hFile=0x2cc) returned 0x1 [0216.796] ReadFile (in: hFile=0x2cc, lpBuffer=0x21d9990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21d9990*, lpNumberOfBytesRead=0x15edd8*=0x462, lpOverlapped=0x0) returned 1 [0216.796] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0216.796] WriteFile (in: hFile=0x2cc, lpBuffer=0x21d9990*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21d9990*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0216.797] CloseHandle (hObject=0x2cc) returned 1 [0216.798] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-TpGaKVbHa97zgS.ppt.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-TpGaKVbHa97zgS.ppt.lnk", lpFilePart=0x0) returned 0x53 [0216.798] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-TpGaKVbHa97zgS.ppt.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-TpGaKVbHa97zgS.ppt.lnk.rtcrypted", lpFilePart=0x0) returned 0x5d [0216.798] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0216.798] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-TpGaKVbHa97zgS.ppt.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\-tpgakvbha97zgs.ppt.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xddec9178, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x159b0853, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x159b0853, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x462)) returned 1 [0216.798] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0216.798] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-TpGaKVbHa97zgS.ppt.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\-tpgakvbha97zgs.ppt.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-TpGaKVbHa97zgS.ppt.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\-tpgakvbha97zgs.ppt.lnk.rtcrypted")) returned 1 [0216.810] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0216.810] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0216.889] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0216.889] GetFileType (hFile=0x2cc) returned 0x1 [0216.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0216.889] GetFileType (hFile=0x2cc) returned 0x1 [0216.889] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0xeed [0216.890] WriteFile (in: hFile=0x2cc, lpBuffer=0x21e0dc8*, nNumberOfBytesToWrite=0x54, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21e0dc8*, lpNumberOfBytesWritten=0x15ecc8*=0x54, lpOverlapped=0x0) returned 1 [0216.890] CloseHandle (hObject=0x2cc) returned 1 [0216.896] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0216.896] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\167VqDu0.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\167VqDu0.lnk", lpFilePart=0x0) returned 0x48 [0216.896] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0216.897] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\167VqDu0.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\167vqdu0.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0216.897] GetFileType (hFile=0x2cc) returned 0x1 [0216.897] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0216.897] GetFileType (hFile=0x2cc) returned 0x1 [0216.897] ReadFile (in: hFile=0x2cc, lpBuffer=0x21e2370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21e2370*, lpNumberOfBytesRead=0x15edd8*=0x438, lpOverlapped=0x0) returned 1 [0216.898] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0216.898] WriteFile (in: hFile=0x2cc, lpBuffer=0x21e2370*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21e2370*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0216.899] CloseHandle (hObject=0x2cc) returned 1 [0216.904] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\167VqDu0.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\167VqDu0.lnk", lpFilePart=0x0) returned 0x48 [0216.904] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\167VqDu0.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\167VqDu0.lnk.rtcrypted", lpFilePart=0x0) returned 0x52 [0216.904] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0216.904] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\167VqDu0.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\167vqdu0.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea2c2dbe, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x15a909d1, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x15a909d1, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x438)) returned 1 [0216.905] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0216.905] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\167VqDu0.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\167vqdu0.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\167VqDu0.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\167vqdu0.lnk.rtcrypted")) returned 1 [0216.906] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0216.907] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0216.907] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0216.907] GetFileType (hFile=0x2cc) returned 0x1 [0216.907] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0216.907] GetFileType (hFile=0x2cc) returned 0x1 [0216.908] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0xf41 [0216.909] WriteFile (in: hFile=0x2cc, lpBuffer=0x21e4cc0*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21e4cc0*, lpNumberOfBytesWritten=0x15ecc8*=0x49, lpOverlapped=0x0) returned 1 [0216.909] CloseHandle (hObject=0x2cc) returned 1 [0216.912] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0216.913] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2sJQfwB3SA1-aIl-.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2sJQfwB3SA1-aIl-.lnk", lpFilePart=0x0) returned 0x50 [0216.913] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0216.914] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2sJQfwB3SA1-aIl-.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\2sjqfwb3sa1-ail-.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0216.915] GetFileType (hFile=0x2cc) returned 0x1 [0216.915] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0216.915] GetFileType (hFile=0x2cc) returned 0x1 [0216.916] ReadFile (in: hFile=0x2cc, lpBuffer=0x21e6288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21e6288*, lpNumberOfBytesRead=0x15edd8*=0x498, lpOverlapped=0x0) returned 1 [0216.937] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0216.937] WriteFile (in: hFile=0x2cc, lpBuffer=0x21e6288*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21e6288*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0216.938] CloseHandle (hObject=0x2cc) returned 1 [0216.943] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2sJQfwB3SA1-aIl-.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2sJQfwB3SA1-aIl-.lnk", lpFilePart=0x0) returned 0x50 [0216.943] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2sJQfwB3SA1-aIl-.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2sJQfwB3SA1-aIl-.lnk.rtcrypted", lpFilePart=0x0) returned 0x5a [0216.943] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0216.943] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2sJQfwB3SA1-aIl-.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\2sjqfwb3sa1-ail-.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3201206, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x15b0ec3a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x15b0ec3a, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x498)) returned 1 [0216.944] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0216.944] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2sJQfwB3SA1-aIl-.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\2sjqfwb3sa1-ail-.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2sJQfwB3SA1-aIl-.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\2sjqfwb3sa1-ail-.lnk.rtcrypted")) returned 1 [0216.945] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0216.945] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0216.946] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0216.946] GetFileType (hFile=0x2cc) returned 0x1 [0216.946] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0216.946] GetFileType (hFile=0x2cc) returned 0x1 [0216.946] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0xf8a [0216.947] WriteFile (in: hFile=0x2cc, lpBuffer=0x21e8c18*, nNumberOfBytesToWrite=0x51, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21e8c18*, lpNumberOfBytesWritten=0x15ecc8*=0x51, lpOverlapped=0x0) returned 1 [0216.947] CloseHandle (hObject=0x2cc) returned 1 [0216.992] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0216.992] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3bJ1.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3bJ1.lnk", lpFilePart=0x0) returned 0x44 [0216.993] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0216.993] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3bJ1.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3bj1.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0216.993] GetFileType (hFile=0x2cc) returned 0x1 [0216.993] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0216.993] GetFileType (hFile=0x2cc) returned 0x1 [0216.994] ReadFile (in: hFile=0x2cc, lpBuffer=0x21ea1b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21ea1b0*, lpNumberOfBytesRead=0x15edd8*=0x46e, lpOverlapped=0x0) returned 1 [0216.995] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0216.995] WriteFile (in: hFile=0x2cc, lpBuffer=0x21ea1b0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21ea1b0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0216.996] CloseHandle (hObject=0x2cc) returned 1 [0216.997] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3bJ1.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3bJ1.lnk", lpFilePart=0x0) returned 0x44 [0216.997] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3bJ1.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3bJ1.lnk.rtcrypted", lpFilePart=0x0) returned 0x4e [0216.997] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0216.997] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3bJ1.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3bj1.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf920a32a, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x15b9c3c5, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x15b9c3c5, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x46e)) returned 1 [0216.997] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0216.997] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3bJ1.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3bj1.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3bJ1.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3bj1.lnk.rtcrypted")) returned 1 [0216.999] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0216.999] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0216.999] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.000] GetFileType (hFile=0x2cc) returned 0x1 [0217.000] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.000] GetFileType (hFile=0x2cc) returned 0x1 [0217.000] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0xfdb [0217.000] WriteFile (in: hFile=0x2cc, lpBuffer=0x21ecae0*, nNumberOfBytesToWrite=0x45, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21ecae0*, lpNumberOfBytesWritten=0x15ecc8*=0x45, lpOverlapped=0x0) returned 1 [0217.001] CloseHandle (hObject=0x2cc) returned 1 [0217.003] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.003] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3E8aHN.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3E8aHN.lnk", lpFilePart=0x0) returned 0x46 [0217.003] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.004] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3E8aHN.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3e8ahn.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.004] GetFileType (hFile=0x2cc) returned 0x1 [0217.004] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.004] GetFileType (hFile=0x2cc) returned 0x1 [0217.005] ReadFile (in: hFile=0x2cc, lpBuffer=0x21ee078, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21ee078*, lpNumberOfBytesRead=0x15edd8*=0x3d6, lpOverlapped=0x0) returned 1 [0217.005] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.005] WriteFile (in: hFile=0x2cc, lpBuffer=0x21ee078*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21ee078*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.005] CloseHandle (hObject=0x2cc) returned 1 [0217.007] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3E8aHN.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3E8aHN.lnk", lpFilePart=0x0) returned 0x46 [0217.007] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3E8aHN.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3E8aHN.lnk.rtcrypted", lpFilePart=0x0) returned 0x50 [0217.007] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.007] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3E8aHN.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3e8ahn.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf52a3b29, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x15b9c3c5, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x15b9c3c5, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3d6)) returned 1 [0217.007] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.007] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3E8aHN.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3e8ahn.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3E8aHN.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3e8ahn.lnk.rtcrypted")) returned 1 [0217.009] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.009] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.009] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.009] GetFileType (hFile=0x2cc) returned 0x1 [0217.009] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.009] GetFileType (hFile=0x2cc) returned 0x1 [0217.009] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1020 [0217.104] WriteFile (in: hFile=0x2cc, lpBuffer=0x21f09b8*, nNumberOfBytesToWrite=0x47, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21f09b8*, lpNumberOfBytesWritten=0x15ecc8*=0x47, lpOverlapped=0x0) returned 1 [0217.105] CloseHandle (hObject=0x2cc) returned 1 [0217.107] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.107] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3HUK6hE8Sxy4S31RG.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3HUK6hE8Sxy4S31RG.lnk", lpFilePart=0x0) returned 0x51 [0217.107] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.107] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3HUK6hE8Sxy4S31RG.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3huk6he8sxy4s31rg.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.108] GetFileType (hFile=0x2cc) returned 0x1 [0217.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.108] GetFileType (hFile=0x2cc) returned 0x1 [0217.108] ReadFile (in: hFile=0x2cc, lpBuffer=0x21f1f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21f1f80*, lpNumberOfBytesRead=0x15edd8*=0x49d, lpOverlapped=0x0) returned 1 [0217.108] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.108] WriteFile (in: hFile=0x2cc, lpBuffer=0x21f1f80*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21f1f80*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.109] CloseHandle (hObject=0x2cc) returned 1 [0217.111] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3HUK6hE8Sxy4S31RG.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3HUK6hE8Sxy4S31RG.lnk", lpFilePart=0x0) returned 0x51 [0217.111] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3HUK6hE8Sxy4S31RG.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3HUK6hE8Sxy4S31RG.lnk.rtcrypted", lpFilePart=0x0) returned 0x5b [0217.111] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.111] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3HUK6hE8Sxy4S31RG.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3huk6he8sxy4s31rg.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xffd512f6, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x15ca6bb9, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x15ca6bb9, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x49d)) returned 1 [0217.111] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.111] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3HUK6hE8Sxy4S31RG.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3huk6he8sxy4s31rg.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3HUK6hE8Sxy4S31RG.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3huk6he8sxy4s31rg.lnk.rtcrypted")) returned 1 [0217.112] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.113] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.113] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.113] GetFileType (hFile=0x2cc) returned 0x1 [0217.113] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.113] GetFileType (hFile=0x2cc) returned 0x1 [0217.113] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1067 [0217.114] WriteFile (in: hFile=0x2cc, lpBuffer=0x21f4910*, nNumberOfBytesToWrite=0x52, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21f4910*, lpNumberOfBytesWritten=0x15ecc8*=0x52, lpOverlapped=0x0) returned 1 [0217.114] CloseHandle (hObject=0x2cc) returned 1 [0217.116] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.116] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3mZ1.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3mZ1.lnk", lpFilePart=0x0) returned 0x44 [0217.116] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.117] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3mZ1.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3mz1.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.117] GetFileType (hFile=0x2cc) returned 0x1 [0217.117] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.117] GetFileType (hFile=0x2cc) returned 0x1 [0217.117] ReadFile (in: hFile=0x2cc, lpBuffer=0x21f5e90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21f5e90*, lpNumberOfBytesRead=0x15edd8*=0x599, lpOverlapped=0x0) returned 1 [0217.117] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.117] WriteFile (in: hFile=0x2cc, lpBuffer=0x21f5e90*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21f5e90*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.118] CloseHandle (hObject=0x2cc) returned 1 [0217.183] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3mZ1.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3mZ1.lnk", lpFilePart=0x0) returned 0x44 [0217.183] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3mZ1.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3mZ1.lnk.rtcrypted", lpFilePart=0x0) returned 0x4e [0217.183] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.183] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3mZ1.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3mz1.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xedfef3c8, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x15ca6bb9, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x15ca6bb9, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x599)) returned 1 [0217.183] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.184] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3mZ1.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3mz1.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3mZ1.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3mz1.lnk.rtcrypted")) returned 1 [0217.186] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.186] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.186] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.186] GetFileType (hFile=0x2cc) returned 0x1 [0217.186] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.187] GetFileType (hFile=0x2cc) returned 0x1 [0217.187] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x10b9 [0217.188] WriteFile (in: hFile=0x2cc, lpBuffer=0x21f87d8*, nNumberOfBytesToWrite=0x45, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21f87d8*, lpNumberOfBytesWritten=0x15ecc8*=0x45, lpOverlapped=0x0) returned 1 [0217.188] CloseHandle (hObject=0x2cc) returned 1 [0217.189] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.190] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3oUk3Xp.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3oUk3Xp.lnk", lpFilePart=0x0) returned 0x47 [0217.190] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.190] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3oUk3Xp.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3ouk3xp.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.190] GetFileType (hFile=0x2cc) returned 0x1 [0217.190] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.191] GetFileType (hFile=0x2cc) returned 0x1 [0217.191] ReadFile (in: hFile=0x2cc, lpBuffer=0x21f9d58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21f9d58*, lpNumberOfBytesRead=0x15edd8*=0x431, lpOverlapped=0x0) returned 1 [0217.191] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.191] WriteFile (in: hFile=0x2cc, lpBuffer=0x21f9d58*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21f9d58*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.191] CloseHandle (hObject=0x2cc) returned 1 [0217.192] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3oUk3Xp.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3oUk3Xp.lnk", lpFilePart=0x0) returned 0x47 [0217.192] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3oUk3Xp.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3oUk3Xp.lnk.rtcrypted", lpFilePart=0x0) returned 0x51 [0217.193] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.193] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3oUk3Xp.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3ouk3xp.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefd2f803, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x15d656ac, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x15d656ac, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x431)) returned 1 [0217.193] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.193] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3oUk3Xp.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3ouk3xp.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3oUk3Xp.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3ouk3xp.lnk.rtcrypted")) returned 1 [0217.194] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.194] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.195] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.195] GetFileType (hFile=0x2cc) returned 0x1 [0217.195] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.195] GetFileType (hFile=0x2cc) returned 0x1 [0217.195] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x10fe [0217.195] WriteFile (in: hFile=0x2cc, lpBuffer=0x21fc6b8*, nNumberOfBytesToWrite=0x48, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21fc6b8*, lpNumberOfBytesWritten=0x15ecc8*=0x48, lpOverlapped=0x0) returned 1 [0217.196] CloseHandle (hObject=0x2cc) returned 1 [0217.202] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.203] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3p6 ohHYs9-.csv.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3p6 ohHYs9-.csv.lnk", lpFilePart=0x0) returned 0x4f [0217.203] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.203] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3p6 ohHYs9-.csv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3p6 ohhys9-.csv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.204] GetFileType (hFile=0x2cc) returned 0x1 [0217.204] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.204] GetFileType (hFile=0x2cc) returned 0x1 [0217.205] ReadFile (in: hFile=0x2cc, lpBuffer=0x21fdc58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21fdc58*, lpNumberOfBytesRead=0x15edd8*=0x555, lpOverlapped=0x0) returned 1 [0217.205] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.205] WriteFile (in: hFile=0x2cc, lpBuffer=0x21fdc58*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21fdc58*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.206] CloseHandle (hObject=0x2cc) returned 1 [0217.208] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3p6 ohHYs9-.csv.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3p6 ohHYs9-.csv.lnk", lpFilePart=0x0) returned 0x4f [0217.208] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3p6 ohHYs9-.csv.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3p6 ohHYs9-.csv.lnk.rtcrypted", lpFilePart=0x0) returned 0x59 [0217.208] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.208] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3p6 ohHYs9-.csv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3p6 ohhys9-.csv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaec0b78, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x15d8bdc3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x15d8bdc3, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x555)) returned 1 [0217.208] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.209] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3p6 ohHYs9-.csv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3p6 ohhys9-.csv.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3p6 ohHYs9-.csv.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3p6 ohhys9-.csv.lnk.rtcrypted")) returned 1 [0217.211] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.211] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.212] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.212] GetFileType (hFile=0x2cc) returned 0x1 [0217.212] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.212] GetFileType (hFile=0x2cc) returned 0x1 [0217.213] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1146 [0217.214] WriteFile (in: hFile=0x2cc, lpBuffer=0x22005f8*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22005f8*, lpNumberOfBytesWritten=0x15ecc8*=0x50, lpOverlapped=0x0) returned 1 [0217.215] CloseHandle (hObject=0x2cc) returned 1 [0217.217] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.218] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3q1llB5Op_QjTca2eDNb.odp.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3q1llB5Op_QjTca2eDNb.odp.lnk", lpFilePart=0x0) returned 0x58 [0217.218] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.218] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3q1llB5Op_QjTca2eDNb.odp.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3q1llb5op_qjtca2ednb.odp.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.219] GetFileType (hFile=0x2cc) returned 0x1 [0217.219] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.219] GetFileType (hFile=0x2cc) returned 0x1 [0217.219] ReadFile (in: hFile=0x2cc, lpBuffer=0x2201bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2201bc8*, lpNumberOfBytesRead=0x15edd8*=0x597, lpOverlapped=0x0) returned 1 [0217.220] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.220] WriteFile (in: hFile=0x2cc, lpBuffer=0x2201bc8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2201bc8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.220] CloseHandle (hObject=0x2cc) returned 1 [0217.221] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3q1llB5Op_QjTca2eDNb.odp.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3q1llB5Op_QjTca2eDNb.odp.lnk", lpFilePart=0x0) returned 0x58 [0217.221] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3q1llB5Op_QjTca2eDNb.odp.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3q1llB5Op_QjTca2eDNb.odp.lnk.rtcrypted", lpFilePart=0x0) returned 0x62 [0217.222] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.222] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3q1llB5Op_QjTca2eDNb.odp.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3q1llb5op_qjtca2ednb.odp.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xececc585, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x15db20f8, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x15db20f8, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x597)) returned 1 [0217.222] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.222] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3q1llB5Op_QjTca2eDNb.odp.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3q1llb5op_qjtca2ednb.odp.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3q1llB5Op_QjTca2eDNb.odp.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3q1llb5op_qjtca2ednb.odp.lnk.rtcrypted")) returned 1 [0217.224] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.224] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.225] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.225] GetFileType (hFile=0x2cc) returned 0x1 [0217.225] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.225] GetFileType (hFile=0x2cc) returned 0x1 [0217.225] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1196 [0217.226] WriteFile (in: hFile=0x2cc, lpBuffer=0x22045b0*, nNumberOfBytesToWrite=0x59, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22045b0*, lpNumberOfBytesWritten=0x15ecc8*=0x59, lpOverlapped=0x0) returned 1 [0217.226] CloseHandle (hObject=0x2cc) returned 1 [0217.228] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.276] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3um74xQY2dRtB2 VeQ.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3um74xQY2dRtB2 VeQ.lnk", lpFilePart=0x0) returned 0x52 [0217.276] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.276] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3um74xQY2dRtB2 VeQ.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3um74xqy2drtb2 veq.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.277] GetFileType (hFile=0x2cc) returned 0x1 [0217.277] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.277] GetFileType (hFile=0x2cc) returned 0x1 [0217.277] ReadFile (in: hFile=0x2cc, lpBuffer=0x2205b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2205b60*, lpNumberOfBytesRead=0x15edd8*=0x327, lpOverlapped=0x0) returned 1 [0217.277] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.277] WriteFile (in: hFile=0x2cc, lpBuffer=0x2205b60*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2205b60*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.278] CloseHandle (hObject=0x2cc) returned 1 [0217.280] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3um74xQY2dRtB2 VeQ.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3um74xQY2dRtB2 VeQ.lnk", lpFilePart=0x0) returned 0x52 [0217.280] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3um74xQY2dRtB2 VeQ.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3um74xQY2dRtB2 VeQ.lnk.rtcrypted", lpFilePart=0x0) returned 0x5c [0217.280] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.280] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3um74xQY2dRtB2 VeQ.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3um74xqy2drtb2 veq.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfab6c925, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x15e4a376, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x15e4a376, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x327)) returned 1 [0217.280] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.280] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3um74xQY2dRtB2 VeQ.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3um74xqy2drtb2 veq.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3um74xQY2dRtB2 VeQ.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\3um74xqy2drtb2 veq.lnk.rtcrypted")) returned 1 [0217.281] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.281] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.281] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.282] GetFileType (hFile=0x2cc) returned 0x1 [0217.282] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.282] GetFileType (hFile=0x2cc) returned 0x1 [0217.282] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x11ef [0217.282] WriteFile (in: hFile=0x2cc, lpBuffer=0x2208518*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2208518*, lpNumberOfBytesWritten=0x15ecc8*=0x53, lpOverlapped=0x0) returned 1 [0217.282] CloseHandle (hObject=0x2cc) returned 1 [0217.284] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.284] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\40MOvGfppj4bDSgoaCIa.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\40MOvGfppj4bDSgoaCIa.lnk", lpFilePart=0x0) returned 0x54 [0217.284] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.285] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\40MOvGfppj4bDSgoaCIa.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\40movgfppj4bdsgoacia.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.285] GetFileType (hFile=0x2cc) returned 0x1 [0217.285] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.285] GetFileType (hFile=0x2cc) returned 0x1 [0217.285] ReadFile (in: hFile=0x2cc, lpBuffer=0x2209ad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2209ad8*, lpNumberOfBytesRead=0x15edd8*=0x55f, lpOverlapped=0x0) returned 1 [0217.285] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.285] WriteFile (in: hFile=0x2cc, lpBuffer=0x2209ad8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2209ad8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.286] CloseHandle (hObject=0x2cc) returned 1 [0217.287] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\40MOvGfppj4bDSgoaCIa.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\40MOvGfppj4bDSgoaCIa.lnk", lpFilePart=0x0) returned 0x54 [0217.287] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\40MOvGfppj4bDSgoaCIa.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\40MOvGfppj4bDSgoaCIa.lnk.rtcrypted", lpFilePart=0x0) returned 0x5e [0217.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.287] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\40MOvGfppj4bDSgoaCIa.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\40movgfppj4bdsgoacia.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53bf1f3, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x15e4a376, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x15e4a376, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x55f)) returned 1 [0217.287] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.287] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\40MOvGfppj4bDSgoaCIa.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\40movgfppj4bdsgoacia.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\40MOvGfppj4bDSgoaCIa.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\40movgfppj4bdsgoacia.lnk.rtcrypted")) returned 1 [0217.289] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.289] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.289] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.289] GetFileType (hFile=0x2cc) returned 0x1 [0217.289] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.289] GetFileType (hFile=0x2cc) returned 0x1 [0217.289] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1242 [0217.290] WriteFile (in: hFile=0x2cc, lpBuffer=0x220c4a0*, nNumberOfBytesToWrite=0x55, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x220c4a0*, lpNumberOfBytesWritten=0x15ecc8*=0x55, lpOverlapped=0x0) returned 1 [0217.290] CloseHandle (hObject=0x2cc) returned 1 [0217.292] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.292] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5JVUFsxkO (2).lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5JVUFsxkO (2).lnk", lpFilePart=0x0) returned 0x4d [0217.292] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.293] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5JVUFsxkO (2).lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\5jvufsxko (2).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.293] GetFileType (hFile=0x2cc) returned 0x1 [0217.293] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.293] GetFileType (hFile=0x2cc) returned 0x1 [0217.293] ReadFile (in: hFile=0x2cc, lpBuffer=0x220da40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x220da40*, lpNumberOfBytesRead=0x15edd8*=0x475, lpOverlapped=0x0) returned 1 [0217.293] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.294] WriteFile (in: hFile=0x2cc, lpBuffer=0x220da40*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x220da40*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.294] CloseHandle (hObject=0x2cc) returned 1 [0217.295] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5JVUFsxkO (2).lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5JVUFsxkO (2).lnk", lpFilePart=0x0) returned 0x4d [0217.295] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5JVUFsxkO (2).lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5JVUFsxkO (2).lnk.rtcrypted", lpFilePart=0x0) returned 0x57 [0217.295] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.295] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5JVUFsxkO (2).lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\5jvufsxko (2).lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf89b207f, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x15e70772, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x15e70772, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x475)) returned 1 [0217.295] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.295] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5JVUFsxkO (2).lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\5jvufsxko (2).lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5JVUFsxkO (2).lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\5jvufsxko (2).lnk.rtcrypted")) returned 1 [0217.296] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.297] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.297] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.297] GetFileType (hFile=0x2cc) returned 0x1 [0217.297] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.297] GetFileType (hFile=0x2cc) returned 0x1 [0217.297] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1297 [0217.298] WriteFile (in: hFile=0x2cc, lpBuffer=0x22103c8*, nNumberOfBytesToWrite=0x4e, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22103c8*, lpNumberOfBytesWritten=0x15ecc8*=0x4e, lpOverlapped=0x0) returned 1 [0217.298] CloseHandle (hObject=0x2cc) returned 1 [0217.299] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.300] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5JVUFsxkO.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5JVUFsxkO.lnk", lpFilePart=0x0) returned 0x49 [0217.300] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.300] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5JVUFsxkO.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\5jvufsxko.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.300] GetFileType (hFile=0x2cc) returned 0x1 [0217.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.300] GetFileType (hFile=0x2cc) returned 0x1 [0217.300] ReadFile (in: hFile=0x2cc, lpBuffer=0x2211958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2211958*, lpNumberOfBytesRead=0x15edd8*=0x475, lpOverlapped=0x0) returned 1 [0217.301] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.301] WriteFile (in: hFile=0x2cc, lpBuffer=0x2211958*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2211958*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.301] CloseHandle (hObject=0x2cc) returned 1 [0217.302] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5JVUFsxkO.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5JVUFsxkO.lnk", lpFilePart=0x0) returned 0x49 [0217.302] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5JVUFsxkO.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5JVUFsxkO.lnk.rtcrypted", lpFilePart=0x0) returned 0x53 [0217.302] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.302] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5JVUFsxkO.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\5jvufsxko.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2f9edfa, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x15e70772, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x15e70772, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x475)) returned 1 [0217.302] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.302] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5JVUFsxkO.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\5jvufsxko.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5JVUFsxkO.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\5jvufsxko.lnk.rtcrypted")) returned 1 [0217.304] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.304] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.304] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.304] GetFileType (hFile=0x2cc) returned 0x1 [0217.304] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.304] GetFileType (hFile=0x2cc) returned 0x1 [0217.304] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x12e5 [0217.305] WriteFile (in: hFile=0x2cc, lpBuffer=0x22142c0*, nNumberOfBytesToWrite=0x4a, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22142c0*, lpNumberOfBytesWritten=0x15ecc8*=0x4a, lpOverlapped=0x0) returned 1 [0217.305] CloseHandle (hObject=0x2cc) returned 1 [0217.308] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.309] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\61De8WLPska01oVom.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\61De8WLPska01oVom.lnk", lpFilePart=0x0) returned 0x51 [0217.309] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.309] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\61De8WLPska01oVom.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\61de8wlpska01ovom.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.309] GetFileType (hFile=0x2cc) returned 0x1 [0217.309] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.309] GetFileType (hFile=0x2cc) returned 0x1 [0217.309] ReadFile (in: hFile=0x2cc, lpBuffer=0x2215870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2215870*, lpNumberOfBytesRead=0x15edd8*=0x488, lpOverlapped=0x0) returned 1 [0217.309] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.310] WriteFile (in: hFile=0x2cc, lpBuffer=0x2215870*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2215870*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.310] CloseHandle (hObject=0x2cc) returned 1 [0217.311] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\61De8WLPska01oVom.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\61De8WLPska01oVom.lnk", lpFilePart=0x0) returned 0x51 [0217.311] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\61De8WLPska01oVom.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\61De8WLPska01oVom.lnk.rtcrypted", lpFilePart=0x0) returned 0x5b [0217.311] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.311] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\61De8WLPska01oVom.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\61de8wlpska01ovom.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc8ffcc1, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x15e9678e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x15e9678e, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x488)) returned 1 [0217.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.311] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\61De8WLPska01oVom.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\61de8wlpska01ovom.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\61De8WLPska01oVom.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\61de8wlpska01ovom.lnk.rtcrypted")) returned 1 [0217.313] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.313] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.313] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.313] GetFileType (hFile=0x2cc) returned 0x1 [0217.314] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.314] GetFileType (hFile=0x2cc) returned 0x1 [0217.314] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x132f [0217.315] WriteFile (in: hFile=0x2cc, lpBuffer=0x2218218*, nNumberOfBytesToWrite=0x52, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2218218*, lpNumberOfBytesWritten=0x15ecc8*=0x52, lpOverlapped=0x0) returned 1 [0217.315] CloseHandle (hObject=0x2cc) returned 1 [0217.316] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.317] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6zSAXoBMshJ arRcZrD.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6zSAXoBMshJ arRcZrD.lnk", lpFilePart=0x0) returned 0x53 [0217.317] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.317] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6zSAXoBMshJ arRcZrD.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\6zsaxobmshj arrczrd.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.317] GetFileType (hFile=0x2cc) returned 0x1 [0217.317] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.317] GetFileType (hFile=0x2cc) returned 0x1 [0217.317] ReadFile (in: hFile=0x2cc, lpBuffer=0x22197c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22197c8*, lpNumberOfBytesRead=0x15edd8*=0x4c5, lpOverlapped=0x0) returned 1 [0217.318] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.318] WriteFile (in: hFile=0x2cc, lpBuffer=0x22197c8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22197c8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.318] CloseHandle (hObject=0x2cc) returned 1 [0217.319] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6zSAXoBMshJ arRcZrD.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6zSAXoBMshJ arRcZrD.lnk", lpFilePart=0x0) returned 0x53 [0217.319] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6zSAXoBMshJ arRcZrD.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6zSAXoBMshJ arRcZrD.lnk.rtcrypted", lpFilePart=0x0) returned 0x5d [0217.319] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.319] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6zSAXoBMshJ arRcZrD.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\6zsaxobmshj arrczrd.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f26ffa, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x15e9678e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x15e9678e, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x4c5)) returned 1 [0217.319] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.320] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6zSAXoBMshJ arRcZrD.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\6zsaxobmshj arrczrd.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6zSAXoBMshJ arRcZrD.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\6zsaxobmshj arrczrd.lnk.rtcrypted")) returned 1 [0217.321] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.321] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.322] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.322] GetFileType (hFile=0x2cc) returned 0x1 [0217.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.403] GetFileType (hFile=0x2cc) returned 0x1 [0217.403] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1381 [0217.404] WriteFile (in: hFile=0x2cc, lpBuffer=0x221c5a0*, nNumberOfBytesToWrite=0x54, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x221c5a0*, lpNumberOfBytesWritten=0x15ecc8*=0x54, lpOverlapped=0x0) returned 1 [0217.404] CloseHandle (hObject=0x2cc) returned 1 [0217.406] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.406] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7AZ xi 6.odp.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7AZ xi 6.odp.lnk", lpFilePart=0x0) returned 0x4c [0217.406] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.407] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7AZ xi 6.odp.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\7az xi 6.odp.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.407] GetFileType (hFile=0x2cc) returned 0x1 [0217.407] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.407] GetFileType (hFile=0x2cc) returned 0x1 [0217.407] ReadFile (in: hFile=0x2cc, lpBuffer=0x221db40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x221db40*, lpNumberOfBytesRead=0x15edd8*=0x546, lpOverlapped=0x0) returned 1 [0217.407] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.408] WriteFile (in: hFile=0x2cc, lpBuffer=0x221db40*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x221db40*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.408] CloseHandle (hObject=0x2cc) returned 1 [0217.409] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7AZ xi 6.odp.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7AZ xi 6.odp.lnk", lpFilePart=0x0) returned 0x4c [0217.409] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7AZ xi 6.odp.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7AZ xi 6.odp.lnk.rtcrypted", lpFilePart=0x0) returned 0x56 [0217.409] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.409] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7AZ xi 6.odp.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\7az xi 6.odp.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb502cfb, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x15f7b6cc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x15f7b6cc, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x546)) returned 1 [0217.409] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.409] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7AZ xi 6.odp.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\7az xi 6.odp.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7AZ xi 6.odp.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\7az xi 6.odp.lnk.rtcrypted")) returned 1 [0217.411] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.411] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.411] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.411] GetFileType (hFile=0x2cc) returned 0x1 [0217.412] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.412] GetFileType (hFile=0x2cc) returned 0x1 [0217.412] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x13d5 [0217.412] WriteFile (in: hFile=0x2cc, lpBuffer=0x22204c8*, nNumberOfBytesToWrite=0x4d, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22204c8*, lpNumberOfBytesWritten=0x15ecc8*=0x4d, lpOverlapped=0x0) returned 1 [0217.412] CloseHandle (hObject=0x2cc) returned 1 [0217.414] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.414] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7QSM7Bo389nPLE.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7QSM7Bo389nPLE.lnk", lpFilePart=0x0) returned 0x4e [0217.414] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.415] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7QSM7Bo389nPLE.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\7qsm7bo389nple.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.415] GetFileType (hFile=0x2cc) returned 0x1 [0217.415] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.415] GetFileType (hFile=0x2cc) returned 0x1 [0217.415] ReadFile (in: hFile=0x2cc, lpBuffer=0x2221a68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2221a68*, lpNumberOfBytesRead=0x15edd8*=0x400, lpOverlapped=0x0) returned 1 [0217.415] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.415] WriteFile (in: hFile=0x2cc, lpBuffer=0x2221a68*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2221a68*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.416] CloseHandle (hObject=0x2cc) returned 1 [0217.418] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7QSM7Bo389nPLE.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7QSM7Bo389nPLE.lnk", lpFilePart=0x0) returned 0x4e [0217.418] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7QSM7Bo389nPLE.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7QSM7Bo389nPLE.lnk.rtcrypted", lpFilePart=0x0) returned 0x58 [0217.418] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.418] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7QSM7Bo389nPLE.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\7qsm7bo389nple.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea8dec8a, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x15f7b6cc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x15f7b6cc, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x400)) returned 1 [0217.418] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.418] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7QSM7Bo389nPLE.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\7qsm7bo389nple.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7QSM7Bo389nPLE.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\7qsm7bo389nple.lnk.rtcrypted")) returned 1 [0217.420] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.420] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.420] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.421] GetFileType (hFile=0x2cc) returned 0x1 [0217.421] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.421] GetFileType (hFile=0x2cc) returned 0x1 [0217.421] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1422 [0217.421] WriteFile (in: hFile=0x2cc, lpBuffer=0x2224400*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2224400*, lpNumberOfBytesWritten=0x15ecc8*=0x4f, lpOverlapped=0x0) returned 1 [0217.422] CloseHandle (hObject=0x2cc) returned 1 [0217.423] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.424] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\8gTJ48.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\8gTJ48.lnk", lpFilePart=0x0) returned 0x46 [0217.424] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.424] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\8gTJ48.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\8gtj48.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.424] GetFileType (hFile=0x2cc) returned 0x1 [0217.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.424] GetFileType (hFile=0x2cc) returned 0x1 [0217.424] ReadFile (in: hFile=0x2cc, lpBuffer=0x2225980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2225980*, lpNumberOfBytesRead=0x15edd8*=0x411, lpOverlapped=0x0) returned 1 [0217.425] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.425] WriteFile (in: hFile=0x2cc, lpBuffer=0x2225980*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2225980*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.425] CloseHandle (hObject=0x2cc) returned 1 [0217.426] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\8gTJ48.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\8gTJ48.lnk", lpFilePart=0x0) returned 0x46 [0217.426] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\8gTJ48.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\8gTJ48.lnk.rtcrypted", lpFilePart=0x0) returned 0x50 [0217.426] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.426] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\8gTJ48.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\8gtj48.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48b317b0, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x15fa29a1, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x15fa29a1, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x411)) returned 1 [0217.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.426] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\8gTJ48.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\8gtj48.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\8gTJ48.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\8gtj48.lnk.rtcrypted")) returned 1 [0217.427] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.427] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.428] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.428] GetFileType (hFile=0x2cc) returned 0x1 [0217.428] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.428] GetFileType (hFile=0x2cc) returned 0x1 [0217.428] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1471 [0217.429] WriteFile (in: hFile=0x2cc, lpBuffer=0x22282d8*, nNumberOfBytesToWrite=0x47, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22282d8*, lpNumberOfBytesWritten=0x15ecc8*=0x47, lpOverlapped=0x0) returned 1 [0217.429] CloseHandle (hObject=0x2cc) returned 1 [0217.430] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.430] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9bAP9Uzx.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9bAP9Uzx.lnk", lpFilePart=0x0) returned 0x48 [0217.431] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.431] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9bAP9Uzx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\9bap9uzx.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.431] GetFileType (hFile=0x2cc) returned 0x1 [0217.431] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.431] GetFileType (hFile=0x2cc) returned 0x1 [0217.431] ReadFile (in: hFile=0x2cc, lpBuffer=0x2229868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2229868*, lpNumberOfBytesRead=0x15edd8*=0x3c1, lpOverlapped=0x0) returned 1 [0217.432] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.432] WriteFile (in: hFile=0x2cc, lpBuffer=0x2229868*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2229868*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.433] CloseHandle (hObject=0x2cc) returned 1 [0217.434] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9bAP9Uzx.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9bAP9Uzx.lnk", lpFilePart=0x0) returned 0x48 [0217.434] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9bAP9Uzx.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9bAP9Uzx.lnk.rtcrypted", lpFilePart=0x0) returned 0x52 [0217.434] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.434] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9bAP9Uzx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\9bap9uzx.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd83ace5, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x15fc7d14, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x15fc7d14, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3c1)) returned 1 [0217.434] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.434] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9bAP9Uzx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\9bap9uzx.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9bAP9Uzx.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\9bap9uzx.lnk.rtcrypted")) returned 1 [0217.435] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.435] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.436] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.436] GetFileType (hFile=0x2cc) returned 0x1 [0217.436] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.436] GetFileType (hFile=0x2cc) returned 0x1 [0217.436] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x14b8 [0217.437] WriteFile (in: hFile=0x2cc, lpBuffer=0x222c1d0*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x222c1d0*, lpNumberOfBytesWritten=0x15ecc8*=0x49, lpOverlapped=0x0) returned 1 [0217.437] CloseHandle (hObject=0x2cc) returned 1 [0217.438] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.439] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aejUOooWI.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aejUOooWI.lnk", lpFilePart=0x0) returned 0x49 [0217.439] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.439] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aejUOooWI.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\aejuooowi.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.439] GetFileType (hFile=0x2cc) returned 0x1 [0217.439] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.440] GetFileType (hFile=0x2cc) returned 0x1 [0217.440] ReadFile (in: hFile=0x2cc, lpBuffer=0x222d760, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x222d760*, lpNumberOfBytesRead=0x15edd8*=0x28c, lpOverlapped=0x0) returned 1 [0217.440] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.440] WriteFile (in: hFile=0x2cc, lpBuffer=0x222d760*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x222d760*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.440] CloseHandle (hObject=0x2cc) returned 1 [0217.441] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aejUOooWI.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aejUOooWI.lnk", lpFilePart=0x0) returned 0x49 [0217.441] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aejUOooWI.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aejUOooWI.lnk.rtcrypted", lpFilePart=0x0) returned 0x53 [0217.441] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.441] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aejUOooWI.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\aejuooowi.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf78c8ab3, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x15fc7d14, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x15fc7d14, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x28c)) returned 1 [0217.442] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.442] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aejUOooWI.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\aejuooowi.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aejUOooWI.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\aejuooowi.lnk.rtcrypted")) returned 1 [0217.443] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.444] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.444] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.444] GetFileType (hFile=0x2cc) returned 0x1 [0217.444] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.444] GetFileType (hFile=0x2cc) returned 0x1 [0217.444] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1501 [0217.445] WriteFile (in: hFile=0x2cc, lpBuffer=0x22300c8*, nNumberOfBytesToWrite=0x4a, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22300c8*, lpNumberOfBytesWritten=0x15ecc8*=0x4a, lpOverlapped=0x0) returned 1 [0217.445] CloseHandle (hObject=0x2cc) returned 1 [0217.447] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.495] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AI-BTkK-C.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AI-BTkK-C.lnk", lpFilePart=0x0) returned 0x49 [0217.495] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.496] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AI-BTkK-C.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ai-btkk-c.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.496] GetFileType (hFile=0x2cc) returned 0x1 [0217.496] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.496] GetFileType (hFile=0x2cc) returned 0x1 [0217.496] ReadFile (in: hFile=0x2cc, lpBuffer=0x2231658, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2231658*, lpNumberOfBytesRead=0x15edd8*=0x49c, lpOverlapped=0x0) returned 1 [0217.496] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.496] WriteFile (in: hFile=0x2cc, lpBuffer=0x2231658*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2231658*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.497] CloseHandle (hObject=0x2cc) returned 1 [0217.498] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AI-BTkK-C.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AI-BTkK-C.lnk", lpFilePart=0x0) returned 0x49 [0217.498] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AI-BTkK-C.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AI-BTkK-C.lnk.rtcrypted", lpFilePart=0x0) returned 0x53 [0217.498] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.498] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AI-BTkK-C.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ai-btkk-c.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x40eff4d7, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x160605a5, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x160605a5, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x49c)) returned 1 [0217.498] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.498] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AI-BTkK-C.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ai-btkk-c.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AI-BTkK-C.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ai-btkk-c.lnk.rtcrypted")) returned 1 [0217.499] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.499] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.500] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.500] GetFileType (hFile=0x2cc) returned 0x1 [0217.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.500] GetFileType (hFile=0x2cc) returned 0x1 [0217.500] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x154b [0217.501] WriteFile (in: hFile=0x2cc, lpBuffer=0x2233fc0*, nNumberOfBytesToWrite=0x4a, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2233fc0*, lpNumberOfBytesWritten=0x15ecc8*=0x4a, lpOverlapped=0x0) returned 1 [0217.501] CloseHandle (hObject=0x2cc) returned 1 [0217.503] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.503] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\amGLU92hTOyVS.pptx.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\amGLU92hTOyVS.pptx.lnk", lpFilePart=0x0) returned 0x52 [0217.503] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.503] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\amGLU92hTOyVS.pptx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\amglu92htoyvs.pptx.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.503] GetFileType (hFile=0x2cc) returned 0x1 [0217.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.504] GetFileType (hFile=0x2cc) returned 0x1 [0217.504] ReadFile (in: hFile=0x2cc, lpBuffer=0x2235570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2235570*, lpNumberOfBytesRead=0x15edd8*=0x3e6, lpOverlapped=0x0) returned 1 [0217.504] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.504] WriteFile (in: hFile=0x2cc, lpBuffer=0x2235570*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2235570*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.504] CloseHandle (hObject=0x2cc) returned 1 [0217.505] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\amGLU92hTOyVS.pptx.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\amGLU92hTOyVS.pptx.lnk", lpFilePart=0x0) returned 0x52 [0217.505] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\amGLU92hTOyVS.pptx.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\amGLU92hTOyVS.pptx.lnk.rtcrypted", lpFilePart=0x0) returned 0x5c [0217.505] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.506] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\amGLU92hTOyVS.pptx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\amglu92htoyvs.pptx.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x699732b, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x160605a5, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x160605a5, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3e6)) returned 1 [0217.506] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.506] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\amGLU92hTOyVS.pptx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\amglu92htoyvs.pptx.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\amGLU92hTOyVS.pptx.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\amglu92htoyvs.pptx.lnk.rtcrypted")) returned 1 [0217.507] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.507] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.507] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.507] GetFileType (hFile=0x2cc) returned 0x1 [0217.508] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.508] GetFileType (hFile=0x2cc) returned 0x1 [0217.508] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1595 [0217.508] WriteFile (in: hFile=0x2cc, lpBuffer=0x2237f28*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2237f28*, lpNumberOfBytesWritten=0x15ecc8*=0x53, lpOverlapped=0x0) returned 1 [0217.508] CloseHandle (hObject=0x2cc) returned 1 [0217.510] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.511] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aqmU9TUpYSVIUMRXMae4.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aqmU9TUpYSVIUMRXMae4.lnk", lpFilePart=0x0) returned 0x54 [0217.511] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.511] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aqmU9TUpYSVIUMRXMae4.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\aqmu9tupysviumrxmae4.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.511] GetFileType (hFile=0x2cc) returned 0x1 [0217.511] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.511] GetFileType (hFile=0x2cc) returned 0x1 [0217.511] ReadFile (in: hFile=0x2cc, lpBuffer=0x22394e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22394e8*, lpNumberOfBytesRead=0x15edd8*=0x409, lpOverlapped=0x0) returned 1 [0217.511] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.512] WriteFile (in: hFile=0x2cc, lpBuffer=0x22394e8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22394e8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.512] CloseHandle (hObject=0x2cc) returned 1 [0217.513] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aqmU9TUpYSVIUMRXMae4.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aqmU9TUpYSVIUMRXMae4.lnk", lpFilePart=0x0) returned 0x54 [0217.513] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aqmU9TUpYSVIUMRXMae4.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aqmU9TUpYSVIUMRXMae4.lnk.rtcrypted", lpFilePart=0x0) returned 0x5e [0217.513] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.513] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aqmU9TUpYSVIUMRXMae4.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\aqmu9tupysviumrxmae4.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8cdb7d4, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x16086745, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x16086745, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x409)) returned 1 [0217.514] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.514] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aqmU9TUpYSVIUMRXMae4.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\aqmu9tupysviumrxmae4.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aqmU9TUpYSVIUMRXMae4.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\aqmu9tupysviumrxmae4.lnk.rtcrypted")) returned 1 [0217.515] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.515] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.515] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.516] GetFileType (hFile=0x2cc) returned 0x1 [0217.516] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.516] GetFileType (hFile=0x2cc) returned 0x1 [0217.516] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x15e8 [0217.516] WriteFile (in: hFile=0x2cc, lpBuffer=0x223be98*, nNumberOfBytesToWrite=0x55, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x223be98*, lpNumberOfBytesWritten=0x15ecc8*=0x55, lpOverlapped=0x0) returned 1 [0217.517] CloseHandle (hObject=0x2cc) returned 1 [0217.518] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.518] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aucpxM.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aucpxM.lnk", lpFilePart=0x0) returned 0x46 [0217.518] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.519] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aucpxM.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\aucpxm.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.519] GetFileType (hFile=0x2cc) returned 0x1 [0217.519] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.519] GetFileType (hFile=0x2cc) returned 0x1 [0217.519] ReadFile (in: hFile=0x2cc, lpBuffer=0x223d430, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x223d430*, lpNumberOfBytesRead=0x15edd8*=0x53a, lpOverlapped=0x0) returned 1 [0217.519] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.520] WriteFile (in: hFile=0x2cc, lpBuffer=0x223d430*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x223d430*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.520] CloseHandle (hObject=0x2cc) returned 1 [0217.523] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aucpxM.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aucpxM.lnk", lpFilePart=0x0) returned 0x46 [0217.523] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aucpxM.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aucpxM.lnk.rtcrypted", lpFilePart=0x0) returned 0x50 [0217.523] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.523] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aucpxM.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\aucpxm.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec68ac10, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x16086745, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x16086745, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x53a)) returned 1 [0217.523] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.523] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aucpxM.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\aucpxm.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aucpxM.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\aucpxm.lnk.rtcrypted")) returned 1 [0217.533] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.533] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.533] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.534] GetFileType (hFile=0x2cc) returned 0x1 [0217.534] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.534] GetFileType (hFile=0x2cc) returned 0x1 [0217.534] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x163d [0217.534] WriteFile (in: hFile=0x2cc, lpBuffer=0x223fd70*, nNumberOfBytesToWrite=0x47, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x223fd70*, lpNumberOfBytesWritten=0x15ecc8*=0x47, lpOverlapped=0x0) returned 1 [0217.534] CloseHandle (hObject=0x2cc) returned 1 [0217.536] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.536] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AwXZ4sgzr.ots.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AwXZ4sgzr.ots.lnk", lpFilePart=0x0) returned 0x4d [0217.536] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.537] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AwXZ4sgzr.ots.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\awxz4sgzr.ots.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.537] GetFileType (hFile=0x2cc) returned 0x1 [0217.537] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.537] GetFileType (hFile=0x2cc) returned 0x1 [0217.537] ReadFile (in: hFile=0x2cc, lpBuffer=0x2241328, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2241328*, lpNumberOfBytesRead=0x15edd8*=0x3e7, lpOverlapped=0x0) returned 1 [0217.537] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.537] WriteFile (in: hFile=0x2cc, lpBuffer=0x2241328*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2241328*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.538] CloseHandle (hObject=0x2cc) returned 1 [0217.538] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AwXZ4sgzr.ots.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AwXZ4sgzr.ots.lnk", lpFilePart=0x0) returned 0x4d [0217.539] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AwXZ4sgzr.ots.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AwXZ4sgzr.ots.lnk.rtcrypted", lpFilePart=0x0) returned 0x57 [0217.539] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.539] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AwXZ4sgzr.ots.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\awxz4sgzr.ots.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7d607a3, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x160acccb, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x160acccb, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3e7)) returned 1 [0217.539] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.539] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AwXZ4sgzr.ots.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\awxz4sgzr.ots.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AwXZ4sgzr.ots.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\awxz4sgzr.ots.lnk.rtcrypted")) returned 1 [0217.540] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.540] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.540] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.540] GetFileType (hFile=0x2cc) returned 0x1 [0217.541] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.541] GetFileType (hFile=0x2cc) returned 0x1 [0217.541] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1684 [0217.637] WriteFile (in: hFile=0x2cc, lpBuffer=0x227f568*, nNumberOfBytesToWrite=0x4e, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x227f568*, lpNumberOfBytesWritten=0x15ecc8*=0x4e, lpOverlapped=0x0) returned 1 [0217.637] CloseHandle (hObject=0x2cc) returned 1 [0217.639] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.640] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aXS6vb.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aXS6vb.lnk", lpFilePart=0x0) returned 0x46 [0217.640] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.640] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aXS6vb.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\axs6vb.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.640] GetFileType (hFile=0x2cc) returned 0x1 [0217.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.640] GetFileType (hFile=0x2cc) returned 0x1 [0217.641] ReadFile (in: hFile=0x2cc, lpBuffer=0x2280b00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2280b00*, lpNumberOfBytesRead=0x15edd8*=0x42c, lpOverlapped=0x0) returned 1 [0217.641] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.641] WriteFile (in: hFile=0x2cc, lpBuffer=0x2280b00*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2280b00*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.642] CloseHandle (hObject=0x2cc) returned 1 [0217.643] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aXS6vb.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aXS6vb.lnk", lpFilePart=0x0) returned 0x46 [0217.643] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aXS6vb.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aXS6vb.lnk.rtcrypted", lpFilePart=0x0) returned 0x50 [0217.643] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.643] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aXS6vb.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\axs6vb.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ae60d1, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x161b7ac3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x161b7ac3, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x42c)) returned 1 [0217.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.644] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aXS6vb.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\axs6vb.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aXS6vb.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\axs6vb.lnk.rtcrypted")) returned 1 [0217.645] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.646] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.646] GetFileType (hFile=0x2cc) returned 0x1 [0217.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.646] GetFileType (hFile=0x2cc) returned 0x1 [0217.646] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x16d2 [0217.647] WriteFile (in: hFile=0x2cc, lpBuffer=0x2283440*, nNumberOfBytesToWrite=0x47, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2283440*, lpNumberOfBytesWritten=0x15ecc8*=0x47, lpOverlapped=0x0) returned 1 [0217.647] CloseHandle (hObject=0x2cc) returned 1 [0217.649] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.649] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\A_VTOyBLcz6NRbG97.xlsx.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\A_VTOyBLcz6NRbG97.xlsx.lnk", lpFilePart=0x0) returned 0x56 [0217.649] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.649] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\A_VTOyBLcz6NRbG97.xlsx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\a_vtoyblcz6nrbg97.xlsx.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.650] GetFileType (hFile=0x2cc) returned 0x1 [0217.650] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.650] GetFileType (hFile=0x2cc) returned 0x1 [0217.651] ReadFile (in: hFile=0x2cc, lpBuffer=0x2284a18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2284a18*, lpNumberOfBytesRead=0x15edd8*=0x2b9, lpOverlapped=0x0) returned 1 [0217.651] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.651] WriteFile (in: hFile=0x2cc, lpBuffer=0x2284a18*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2284a18*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.651] CloseHandle (hObject=0x2cc) returned 1 [0217.652] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\A_VTOyBLcz6NRbG97.xlsx.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\A_VTOyBLcz6NRbG97.xlsx.lnk", lpFilePart=0x0) returned 0x56 [0217.652] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\A_VTOyBLcz6NRbG97.xlsx.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\A_VTOyBLcz6NRbG97.xlsx.lnk.rtcrypted", lpFilePart=0x0) returned 0x60 [0217.653] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.653] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\A_VTOyBLcz6NRbG97.xlsx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\a_vtoyblcz6nrbg97.xlsx.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf8f3551a, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x161ddb6f, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x161ddb6f, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x2b9)) returned 1 [0217.653] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.653] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\A_VTOyBLcz6NRbG97.xlsx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\a_vtoyblcz6nrbg97.xlsx.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\A_VTOyBLcz6NRbG97.xlsx.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\a_vtoyblcz6nrbg97.xlsx.lnk.rtcrypted")) returned 1 [0217.654] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.654] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.655] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.655] GetFileType (hFile=0x2cc) returned 0x1 [0217.655] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.655] GetFileType (hFile=0x2cc) returned 0x1 [0217.655] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1719 [0217.656] WriteFile (in: hFile=0x2cc, lpBuffer=0x22873d8*, nNumberOfBytesToWrite=0x57, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22873d8*, lpNumberOfBytesWritten=0x15ecc8*=0x57, lpOverlapped=0x0) returned 1 [0217.656] CloseHandle (hObject=0x2cc) returned 1 [0217.658] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.658] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\b GzxP7sA1S-0PBuwA.xlsx.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\b GzxP7sA1S-0PBuwA.xlsx.lnk", lpFilePart=0x0) returned 0x57 [0217.658] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.659] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\b GzxP7sA1S-0PBuwA.xlsx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\b gzxp7sa1s-0pbuwa.xlsx.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.659] GetFileType (hFile=0x2cc) returned 0x1 [0217.659] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.659] GetFileType (hFile=0x2cc) returned 0x1 [0217.659] ReadFile (in: hFile=0x2cc, lpBuffer=0x22889b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22889b0*, lpNumberOfBytesRead=0x15edd8*=0x3ff, lpOverlapped=0x0) returned 1 [0217.660] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.660] WriteFile (in: hFile=0x2cc, lpBuffer=0x22889b0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22889b0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.660] CloseHandle (hObject=0x2cc) returned 1 [0217.662] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\b GzxP7sA1S-0PBuwA.xlsx.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\b GzxP7sA1S-0PBuwA.xlsx.lnk", lpFilePart=0x0) returned 0x57 [0217.662] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\b GzxP7sA1S-0PBuwA.xlsx.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\b GzxP7sA1S-0PBuwA.xlsx.lnk.rtcrypted", lpFilePart=0x0) returned 0x61 [0217.662] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.662] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\b GzxP7sA1S-0PBuwA.xlsx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\b gzxp7sa1s-0pbuwa.xlsx.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfded34e0, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x161ddb6f, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x161ddb6f, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3ff)) returned 1 [0217.662] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.662] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\b GzxP7sA1S-0PBuwA.xlsx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\b gzxp7sa1s-0pbuwa.xlsx.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\b GzxP7sA1S-0PBuwA.xlsx.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\b gzxp7sa1s-0pbuwa.xlsx.lnk.rtcrypted")) returned 1 [0217.664] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.664] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.665] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.665] GetFileType (hFile=0x2cc) returned 0x1 [0217.665] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.665] GetFileType (hFile=0x2cc) returned 0x1 [0217.665] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1770 [0217.666] WriteFile (in: hFile=0x2cc, lpBuffer=0x228b378*, nNumberOfBytesToWrite=0x58, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x228b378*, lpNumberOfBytesWritten=0x15ecc8*=0x58, lpOverlapped=0x0) returned 1 [0217.667] CloseHandle (hObject=0x2cc) returned 1 [0217.668] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.668] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bBT-MFL3sFb3zx-FPOy.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bBT-MFL3sFb3zx-FPOy.lnk", lpFilePart=0x0) returned 0x53 [0217.669] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.669] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bBT-MFL3sFb3zx-FPOy.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\bbt-mfl3sfb3zx-fpoy.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.669] GetFileType (hFile=0x2cc) returned 0x1 [0217.669] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.669] GetFileType (hFile=0x2cc) returned 0x1 [0217.670] ReadFile (in: hFile=0x2cc, lpBuffer=0x228c940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x228c940*, lpNumberOfBytesRead=0x15edd8*=0x48d, lpOverlapped=0x0) returned 1 [0217.670] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.670] WriteFile (in: hFile=0x2cc, lpBuffer=0x228c940*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x228c940*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.670] CloseHandle (hObject=0x2cc) returned 1 [0217.672] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bBT-MFL3sFb3zx-FPOy.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bBT-MFL3sFb3zx-FPOy.lnk", lpFilePart=0x0) returned 0x53 [0217.672] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bBT-MFL3sFb3zx-FPOy.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bBT-MFL3sFb3zx-FPOy.lnk.rtcrypted", lpFilePart=0x0) returned 0x5d [0217.672] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.672] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bBT-MFL3sFb3zx-FPOy.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\bbt-mfl3sfb3zx-fpoy.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11a749bf, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x1620426e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1620426e, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x48d)) returned 1 [0217.672] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.672] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bBT-MFL3sFb3zx-FPOy.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\bbt-mfl3sfb3zx-fpoy.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bBT-MFL3sFb3zx-FPOy.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\bbt-mfl3sfb3zx-fpoy.lnk.rtcrypted")) returned 1 [0217.674] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.674] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.674] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.674] GetFileType (hFile=0x2cc) returned 0x1 [0217.674] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.674] GetFileType (hFile=0x2cc) returned 0x1 [0217.675] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x17c8 [0217.675] WriteFile (in: hFile=0x2cc, lpBuffer=0x228f2e8*, nNumberOfBytesToWrite=0x54, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x228f2e8*, lpNumberOfBytesWritten=0x15ecc8*=0x54, lpOverlapped=0x0) returned 1 [0217.675] CloseHandle (hObject=0x2cc) returned 1 [0217.676] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.677] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BG-3Ru.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BG-3Ru.lnk", lpFilePart=0x0) returned 0x46 [0217.677] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.677] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BG-3Ru.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\bg-3ru.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.677] GetFileType (hFile=0x2cc) returned 0x1 [0217.678] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.678] GetFileType (hFile=0x2cc) returned 0x1 [0217.678] ReadFile (in: hFile=0x2cc, lpBuffer=0x2290880, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2290880*, lpNumberOfBytesRead=0x15edd8*=0x42c, lpOverlapped=0x0) returned 1 [0217.678] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.678] WriteFile (in: hFile=0x2cc, lpBuffer=0x2290880*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2290880*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.679] CloseHandle (hObject=0x2cc) returned 1 [0217.680] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BG-3Ru.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BG-3Ru.lnk", lpFilePart=0x0) returned 0x46 [0217.680] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BG-3Ru.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BG-3Ru.lnk.rtcrypted", lpFilePart=0x0) returned 0x50 [0217.680] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.680] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BG-3Ru.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\bg-3ru.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xedb2a859, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x1620426e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1620426e, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x42c)) returned 1 [0217.680] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.680] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BG-3Ru.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\bg-3ru.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BG-3Ru.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\bg-3ru.lnk.rtcrypted")) returned 1 [0217.681] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.681] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.747] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.747] GetFileType (hFile=0x2cc) returned 0x1 [0217.747] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.747] GetFileType (hFile=0x2cc) returned 0x1 [0217.747] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x181c [0217.748] WriteFile (in: hFile=0x2cc, lpBuffer=0x2297b20*, nNumberOfBytesToWrite=0x47, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2297b20*, lpNumberOfBytesWritten=0x15ecc8*=0x47, lpOverlapped=0x0) returned 1 [0217.748] CloseHandle (hObject=0x2cc) returned 1 [0217.750] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.751] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BlfnUP.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BlfnUP.lnk", lpFilePart=0x0) returned 0x46 [0217.751] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.751] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BlfnUP.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\blfnup.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.751] GetFileType (hFile=0x2cc) returned 0x1 [0217.751] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.751] GetFileType (hFile=0x2cc) returned 0x1 [0217.751] ReadFile (in: hFile=0x2cc, lpBuffer=0x22990b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22990b8*, lpNumberOfBytesRead=0x15edd8*=0x365, lpOverlapped=0x0) returned 1 [0217.752] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.752] WriteFile (in: hFile=0x2cc, lpBuffer=0x22990b8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22990b8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.752] CloseHandle (hObject=0x2cc) returned 1 [0217.753] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BlfnUP.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BlfnUP.lnk", lpFilePart=0x0) returned 0x46 [0217.753] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BlfnUP.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BlfnUP.lnk.rtcrypted", lpFilePart=0x0) returned 0x50 [0217.753] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.753] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BlfnUP.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\blfnup.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdea43feb, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x162c28a0, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x162c28a0, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x365)) returned 1 [0217.753] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.754] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BlfnUP.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\blfnup.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BlfnUP.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\blfnup.lnk.rtcrypted")) returned 1 [0217.755] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.755] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.755] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.755] GetFileType (hFile=0x2cc) returned 0x1 [0217.755] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.755] GetFileType (hFile=0x2cc) returned 0x1 [0217.755] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1863 [0217.756] WriteFile (in: hFile=0x2cc, lpBuffer=0x229b9f8*, nNumberOfBytesToWrite=0x47, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x229b9f8*, lpNumberOfBytesWritten=0x15ecc8*=0x47, lpOverlapped=0x0) returned 1 [0217.756] CloseHandle (hObject=0x2cc) returned 1 [0217.757] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.758] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BmJalddlQRnVT8k_d-q.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BmJalddlQRnVT8k_d-q.lnk", lpFilePart=0x0) returned 0x53 [0217.758] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.758] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BmJalddlQRnVT8k_d-q.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\bmjalddlqrnvt8k_d-q.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.759] GetFileType (hFile=0x2cc) returned 0x1 [0217.759] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.759] GetFileType (hFile=0x2cc) returned 0x1 [0217.759] ReadFile (in: hFile=0x2cc, lpBuffer=0x229cfc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x229cfc0*, lpNumberOfBytesRead=0x15edd8*=0x44a, lpOverlapped=0x0) returned 1 [0217.759] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.759] WriteFile (in: hFile=0x2cc, lpBuffer=0x229cfc0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x229cfc0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.759] CloseHandle (hObject=0x2cc) returned 1 [0217.761] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BmJalddlQRnVT8k_d-q.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BmJalddlQRnVT8k_d-q.lnk", lpFilePart=0x0) returned 0x53 [0217.761] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BmJalddlQRnVT8k_d-q.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BmJalddlQRnVT8k_d-q.lnk.rtcrypted", lpFilePart=0x0) returned 0x5d [0217.761] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.761] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BmJalddlQRnVT8k_d-q.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\bmjalddlqrnvt8k_d-q.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecf18828, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x162c28a0, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x162c28a0, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x44a)) returned 1 [0217.761] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.761] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BmJalddlQRnVT8k_d-q.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\bmjalddlqrnvt8k_d-q.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BmJalddlQRnVT8k_d-q.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\bmjalddlqrnvt8k_d-q.lnk.rtcrypted")) returned 1 [0217.762] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.762] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.763] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.763] GetFileType (hFile=0x2cc) returned 0x1 [0217.763] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.763] GetFileType (hFile=0x2cc) returned 0x1 [0217.763] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x18aa [0217.763] WriteFile (in: hFile=0x2cc, lpBuffer=0x229f968*, nNumberOfBytesToWrite=0x54, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x229f968*, lpNumberOfBytesWritten=0x15ecc8*=0x54, lpOverlapped=0x0) returned 1 [0217.763] CloseHandle (hObject=0x2cc) returned 1 [0217.765] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.765] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bxOJ-KchVEH.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bxOJ-KchVEH.lnk", lpFilePart=0x0) returned 0x4b [0217.765] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.765] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bxOJ-KchVEH.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\bxoj-kchveh.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.766] GetFileType (hFile=0x2cc) returned 0x1 [0217.766] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.766] GetFileType (hFile=0x2cc) returned 0x1 [0217.766] ReadFile (in: hFile=0x2cc, lpBuffer=0x22a0f10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22a0f10*, lpNumberOfBytesRead=0x15edd8*=0x49d, lpOverlapped=0x0) returned 1 [0217.766] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.766] WriteFile (in: hFile=0x2cc, lpBuffer=0x22a0f10*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22a0f10*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.767] CloseHandle (hObject=0x2cc) returned 1 [0217.768] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bxOJ-KchVEH.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bxOJ-KchVEH.lnk", lpFilePart=0x0) returned 0x4b [0217.768] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bxOJ-KchVEH.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bxOJ-KchVEH.lnk.rtcrypted", lpFilePart=0x0) returned 0x55 [0217.768] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.768] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bxOJ-KchVEH.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\bxoj-kchveh.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f2e489, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x162e9d27, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x162e9d27, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x49d)) returned 1 [0217.768] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.768] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bxOJ-KchVEH.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\bxoj-kchveh.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bxOJ-KchVEH.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\bxoj-kchveh.lnk.rtcrypted")) returned 1 [0217.769] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.769] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.770] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.770] GetFileType (hFile=0x2cc) returned 0x1 [0217.770] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.770] GetFileType (hFile=0x2cc) returned 0x1 [0217.770] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x18fe [0217.770] WriteFile (in: hFile=0x2cc, lpBuffer=0x22a3878*, nNumberOfBytesToWrite=0x4c, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22a3878*, lpNumberOfBytesWritten=0x15ecc8*=0x4c, lpOverlapped=0x0) returned 1 [0217.771] CloseHandle (hObject=0x2cc) returned 1 [0217.772] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.772] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Chkad3-ROtdrHsoCUX.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Chkad3-ROtdrHsoCUX.lnk", lpFilePart=0x0) returned 0x52 [0217.772] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.773] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Chkad3-ROtdrHsoCUX.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\chkad3-rotdrhsocux.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.773] GetFileType (hFile=0x2cc) returned 0x1 [0217.773] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.773] GetFileType (hFile=0x2cc) returned 0x1 [0217.773] ReadFile (in: hFile=0x2cc, lpBuffer=0x22a4e40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22a4e40*, lpNumberOfBytesRead=0x15edd8*=0x555, lpOverlapped=0x0) returned 1 [0217.774] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.774] WriteFile (in: hFile=0x2cc, lpBuffer=0x22a4e40*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22a4e40*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.774] CloseHandle (hObject=0x2cc) returned 1 [0217.775] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Chkad3-ROtdrHsoCUX.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Chkad3-ROtdrHsoCUX.lnk", lpFilePart=0x0) returned 0x52 [0217.775] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Chkad3-ROtdrHsoCUX.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Chkad3-ROtdrHsoCUX.lnk.rtcrypted", lpFilePart=0x0) returned 0x5c [0217.775] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.775] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Chkad3-ROtdrHsoCUX.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\chkad3-rotdrhsocux.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf40cf840, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x162e9d27, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x162e9d27, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x555)) returned 1 [0217.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.775] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Chkad3-ROtdrHsoCUX.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\chkad3-rotdrhsocux.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Chkad3-ROtdrHsoCUX.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\chkad3-rotdrhsocux.lnk.rtcrypted")) returned 1 [0217.777] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.826] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.827] GetFileType (hFile=0x2cc) returned 0x1 [0217.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.827] GetFileType (hFile=0x2cc) returned 0x1 [0217.827] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x194a [0217.828] WriteFile (in: hFile=0x2cc, lpBuffer=0x22a77e0*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22a77e0*, lpNumberOfBytesWritten=0x15ecc8*=0x53, lpOverlapped=0x0) returned 1 [0217.879] CloseHandle (hObject=0x2cc) returned 1 [0217.883] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.884] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CIdAi4WoBaReZGuNW3Z.xlsx.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CIdAi4WoBaReZGuNW3Z.xlsx.lnk", lpFilePart=0x0) returned 0x58 [0217.884] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.885] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CIdAi4WoBaReZGuNW3Z.xlsx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\cidai4wobarezgunw3z.xlsx.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.885] GetFileType (hFile=0x2cc) returned 0x1 [0217.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.886] GetFileType (hFile=0x2cc) returned 0x1 [0217.886] ReadFile (in: hFile=0x2cc, lpBuffer=0x22a8dc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22a8dc8*, lpNumberOfBytesRead=0x15edd8*=0x404, lpOverlapped=0x0) returned 1 [0217.887] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.887] WriteFile (in: hFile=0x2cc, lpBuffer=0x22a8dc8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22a8dc8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.888] CloseHandle (hObject=0x2cc) returned 1 [0217.890] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CIdAi4WoBaReZGuNW3Z.xlsx.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CIdAi4WoBaReZGuNW3Z.xlsx.lnk", lpFilePart=0x0) returned 0x58 [0217.890] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CIdAi4WoBaReZGuNW3Z.xlsx.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CIdAi4WoBaReZGuNW3Z.xlsx.lnk.rtcrypted", lpFilePart=0x0) returned 0x62 [0217.890] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.890] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CIdAi4WoBaReZGuNW3Z.xlsx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\cidai4wobarezgunw3z.xlsx.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd6eee52, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x16407bd3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x16407bd3, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x404)) returned 1 [0217.894] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.894] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CIdAi4WoBaReZGuNW3Z.xlsx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\cidai4wobarezgunw3z.xlsx.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CIdAi4WoBaReZGuNW3Z.xlsx.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\cidai4wobarezgunw3z.xlsx.lnk.rtcrypted")) returned 1 [0217.897] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.897] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.898] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.899] GetFileType (hFile=0x2cc) returned 0x1 [0217.899] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.899] GetFileType (hFile=0x2cc) returned 0x1 [0217.899] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x199d [0217.900] WriteFile (in: hFile=0x2cc, lpBuffer=0x22ab798*, nNumberOfBytesToWrite=0x59, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22ab798*, lpNumberOfBytesWritten=0x15ecc8*=0x59, lpOverlapped=0x0) returned 1 [0217.901] CloseHandle (hObject=0x2cc) returned 1 [0217.903] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.904] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CNhSRq_988nVmcAoKs I.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CNhSRq_988nVmcAoKs I.lnk", lpFilePart=0x0) returned 0x54 [0217.904] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.905] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CNhSRq_988nVmcAoKs I.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\cnhsrq_988nvmcaoks i.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.905] GetFileType (hFile=0x2cc) returned 0x1 [0217.905] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.905] GetFileType (hFile=0x2cc) returned 0x1 [0217.906] ReadFile (in: hFile=0x2cc, lpBuffer=0x22acd70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22acd70*, lpNumberOfBytesRead=0x15edd8*=0x6ba, lpOverlapped=0x0) returned 1 [0217.906] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.906] WriteFile (in: hFile=0x2cc, lpBuffer=0x22acd70*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22acd70*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.907] CloseHandle (hObject=0x2cc) returned 1 [0217.908] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CNhSRq_988nVmcAoKs I.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CNhSRq_988nVmcAoKs I.lnk", lpFilePart=0x0) returned 0x54 [0217.909] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CNhSRq_988nVmcAoKs I.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CNhSRq_988nVmcAoKs I.lnk.rtcrypted", lpFilePart=0x0) returned 0x5e [0217.909] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.910] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CNhSRq_988nVmcAoKs I.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\cnhsrq_988nvmcaoks i.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xffb615da, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x1642e918, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1642e918, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x6ba)) returned 1 [0217.910] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.910] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CNhSRq_988nVmcAoKs I.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\cnhsrq_988nvmcaoks i.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CNhSRq_988nVmcAoKs I.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\cnhsrq_988nvmcaoks i.lnk.rtcrypted")) returned 1 [0217.912] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.912] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.913] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.913] GetFileType (hFile=0x2cc) returned 0x1 [0217.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.913] GetFileType (hFile=0x2cc) returned 0x1 [0217.913] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x19f6 [0217.914] WriteFile (in: hFile=0x2cc, lpBuffer=0x22af720*, nNumberOfBytesToWrite=0x55, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22af720*, lpNumberOfBytesWritten=0x15ecc8*=0x55, lpOverlapped=0x0) returned 1 [0217.914] CloseHandle (hObject=0x2cc) returned 1 [0217.916] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0217.917] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Common Files.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Common Files.lnk", lpFilePart=0x0) returned 0x4c [0217.917] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0217.917] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Common Files.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\common files.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0217.917] GetFileType (hFile=0x2cc) returned 0x1 [0217.918] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0217.918] GetFileType (hFile=0x2cc) returned 0x1 [0217.918] ReadFile (in: hFile=0x2cc, lpBuffer=0x22b0cd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22b0cd8*, lpNumberOfBytesRead=0x15edd8*=0x2c6, lpOverlapped=0x0) returned 1 [0217.918] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0217.919] WriteFile (in: hFile=0x2cc, lpBuffer=0x22b0cd8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22b0cd8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0217.919] CloseHandle (hObject=0x2cc) returned 1 [0217.920] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Common Files.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Common Files.lnk", lpFilePart=0x0) returned 0x4c [0217.920] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Common Files.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Common Files.lnk.rtcrypted", lpFilePart=0x0) returned 0x56 [0217.920] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0217.920] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Common Files.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\common files.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x398b8a7, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x16454723, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x16454723, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x2c6)) returned 1 [0217.921] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0217.921] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Common Files.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\common files.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Common Files.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\common files.lnk.rtcrypted")) returned 1 [0217.922] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0217.922] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0217.922] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0217.923] GetFileType (hFile=0x2cc) returned 0x1 [0217.923] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0217.923] GetFileType (hFile=0x2cc) returned 0x1 [0217.923] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1a4b [0217.924] WriteFile (in: hFile=0x2cc, lpBuffer=0x22b3648*, nNumberOfBytesToWrite=0x4d, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22b3648*, lpNumberOfBytesWritten=0x15ecc8*=0x4d, lpOverlapped=0x0) returned 1 [0217.924] CloseHandle (hObject=0x2cc) returned 1 [0219.882] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0219.882] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CPtLqFgr7.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CPtLqFgr7.lnk", lpFilePart=0x0) returned 0x49 [0219.882] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0219.883] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CPtLqFgr7.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\cptlqfgr7.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0219.883] GetFileType (hFile=0x2cc) returned 0x1 [0219.883] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0219.884] GetFileType (hFile=0x2cc) returned 0x1 [0219.884] ReadFile (in: hFile=0x2cc, lpBuffer=0x22f4e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22f4e20*, lpNumberOfBytesRead=0x15edd8*=0x28c, lpOverlapped=0x0) returned 1 [0219.884] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0219.884] WriteFile (in: hFile=0x2cc, lpBuffer=0x22f4e20*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22f4e20*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0219.886] CloseHandle (hObject=0x2cc) returned 1 [0219.887] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CPtLqFgr7.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CPtLqFgr7.lnk", lpFilePart=0x0) returned 0x49 [0219.887] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CPtLqFgr7.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CPtLqFgr7.lnk.rtcrypted", lpFilePart=0x0) returned 0x53 [0219.888] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0219.888] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CPtLqFgr7.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\cptlqfgr7.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6cb6a1a, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x1772c8e7, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1772c8e7, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x28c)) returned 1 [0219.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0219.889] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CPtLqFgr7.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\cptlqfgr7.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CPtLqFgr7.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\cptlqfgr7.lnk.rtcrypted")) returned 1 [0219.892] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0219.892] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0219.893] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0219.893] GetFileType (hFile=0x2cc) returned 0x1 [0219.894] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0219.894] GetFileType (hFile=0x2cc) returned 0x1 [0219.894] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1a98 [0219.895] WriteFile (in: hFile=0x2cc, lpBuffer=0x22f7770*, nNumberOfBytesToWrite=0x4a, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22f7770*, lpNumberOfBytesWritten=0x15ecc8*=0x4a, lpOverlapped=0x0) returned 1 [0219.895] CloseHandle (hObject=0x2cc) returned 1 [0219.898] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0219.899] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CSRpjbn.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CSRpjbn.lnk", lpFilePart=0x0) returned 0x47 [0219.899] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0219.899] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CSRpjbn.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\csrpjbn.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0219.900] GetFileType (hFile=0x2cc) returned 0x1 [0219.900] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0219.900] GetFileType (hFile=0x2cc) returned 0x1 [0219.902] ReadFile (in: hFile=0x2cc, lpBuffer=0x22f8d08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22f8d08*, lpNumberOfBytesRead=0x15edd8*=0x3e2, lpOverlapped=0x0) returned 1 [0219.903] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0219.903] WriteFile (in: hFile=0x2cc, lpBuffer=0x22f8d08*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22f8d08*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0219.903] CloseHandle (hObject=0x2cc) returned 1 [0219.905] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CSRpjbn.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CSRpjbn.lnk", lpFilePart=0x0) returned 0x47 [0219.905] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CSRpjbn.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CSRpjbn.lnk.rtcrypted", lpFilePart=0x0) returned 0x51 [0219.905] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0219.905] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CSRpjbn.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\csrpjbn.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x256d8a2, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x177533ed, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x177533ed, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3e2)) returned 1 [0219.905] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0219.906] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CSRpjbn.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\csrpjbn.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CSRpjbn.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\csrpjbn.lnk.rtcrypted")) returned 1 [0219.908] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0219.908] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0219.908] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0219.909] GetFileType (hFile=0x2cc) returned 0x1 [0219.909] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0219.909] GetFileType (hFile=0x2cc) returned 0x1 [0219.909] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1ae2 [0219.909] WriteFile (in: hFile=0x2cc, lpBuffer=0x22fb650*, nNumberOfBytesToWrite=0x48, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22fb650*, lpNumberOfBytesWritten=0x15ecc8*=0x48, lpOverlapped=0x0) returned 1 [0219.910] CloseHandle (hObject=0x2cc) returned 1 [0219.912] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0219.912] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cUOFj.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cUOFj.lnk", lpFilePart=0x0) returned 0x45 [0219.913] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0219.913] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cUOFj.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\cuofj.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0219.913] GetFileType (hFile=0x2cc) returned 0x1 [0219.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0219.913] GetFileType (hFile=0x2cc) returned 0x1 [0219.914] ReadFile (in: hFile=0x2cc, lpBuffer=0x22fcbe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22fcbe8*, lpNumberOfBytesRead=0x15edd8*=0x352, lpOverlapped=0x0) returned 1 [0219.914] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0219.914] WriteFile (in: hFile=0x2cc, lpBuffer=0x22fcbe8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22fcbe8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0219.915] CloseHandle (hObject=0x2cc) returned 1 [0219.944] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cUOFj.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cUOFj.lnk", lpFilePart=0x0) returned 0x45 [0219.944] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cUOFj.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cUOFj.lnk.rtcrypted", lpFilePart=0x0) returned 0x4f [0219.944] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0219.944] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cUOFj.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\cuofj.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4250d260, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x177533ed, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x177533ed, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x352)) returned 1 [0219.944] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0219.944] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cUOFj.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\cuofj.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cUOFj.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\cuofj.lnk.rtcrypted")) returned 1 [0219.945] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0219.945] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0219.946] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0219.946] GetFileType (hFile=0x2cc) returned 0x1 [0219.946] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0219.946] GetFileType (hFile=0x2cc) returned 0x1 [0219.946] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1b2a [0219.947] WriteFile (in: hFile=0x2cc, lpBuffer=0x22ff518*, nNumberOfBytesToWrite=0x46, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22ff518*, lpNumberOfBytesWritten=0x15ecc8*=0x46, lpOverlapped=0x0) returned 1 [0219.947] CloseHandle (hObject=0x2cc) returned 1 [0219.949] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0219.950] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CxX 3.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CxX 3.lnk", lpFilePart=0x0) returned 0x45 [0219.950] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0219.950] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CxX 3.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\cxx 3.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0219.950] GetFileType (hFile=0x2cc) returned 0x1 [0219.950] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0219.950] GetFileType (hFile=0x2cc) returned 0x1 [0219.951] ReadFile (in: hFile=0x2cc, lpBuffer=0x2300ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2300ab0*, lpNumberOfBytesRead=0x15edd8*=0x37e, lpOverlapped=0x0) returned 1 [0219.951] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0219.951] WriteFile (in: hFile=0x2cc, lpBuffer=0x2300ab0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2300ab0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0219.952] CloseHandle (hObject=0x2cc) returned 1 [0219.952] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CxX 3.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CxX 3.lnk", lpFilePart=0x0) returned 0x45 [0219.953] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CxX 3.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CxX 3.lnk.rtcrypted", lpFilePart=0x0) returned 0x4f [0219.953] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0219.953] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CxX 3.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\cxx 3.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x423431b, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x177c5280, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x177c5280, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x37e)) returned 1 [0219.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0219.953] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CxX 3.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\cxx 3.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CxX 3.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\cxx 3.lnk.rtcrypted")) returned 1 [0219.954] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0219.954] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0219.954] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0219.954] GetFileType (hFile=0x2cc) returned 0x1 [0219.954] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0219.955] GetFileType (hFile=0x2cc) returned 0x1 [0219.955] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1b70 [0219.955] WriteFile (in: hFile=0x2cc, lpBuffer=0x23033e0*, nNumberOfBytesToWrite=0x46, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x23033e0*, lpNumberOfBytesWritten=0x15ecc8*=0x46, lpOverlapped=0x0) returned 1 [0219.955] CloseHandle (hObject=0x2cc) returned 1 [0219.957] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0219.957] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cYW1VXatB-JI8vQr.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cYW1VXatB-JI8vQr.lnk", lpFilePart=0x0) returned 0x50 [0219.957] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0219.957] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cYW1VXatB-JI8vQr.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\cyw1vxatb-ji8vqr.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0219.958] GetFileType (hFile=0x2cc) returned 0x1 [0219.958] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0219.958] GetFileType (hFile=0x2cc) returned 0x1 [0219.958] ReadFile (in: hFile=0x2cc, lpBuffer=0x23049a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x23049a8*, lpNumberOfBytesRead=0x15edd8*=0x3fb, lpOverlapped=0x0) returned 1 [0219.958] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0219.958] WriteFile (in: hFile=0x2cc, lpBuffer=0x23049a8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x23049a8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0219.959] CloseHandle (hObject=0x2cc) returned 1 [0219.959] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cYW1VXatB-JI8vQr.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cYW1VXatB-JI8vQr.lnk", lpFilePart=0x0) returned 0x50 [0219.959] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cYW1VXatB-JI8vQr.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cYW1VXatB-JI8vQr.lnk.rtcrypted", lpFilePart=0x0) returned 0x5a [0219.960] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0219.960] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cYW1VXatB-JI8vQr.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\cyw1vxatb-ji8vqr.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x490644ae, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x177c5280, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x177c5280, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3fb)) returned 1 [0219.960] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0219.960] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cYW1VXatB-JI8vQr.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\cyw1vxatb-ji8vqr.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cYW1VXatB-JI8vQr.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\cyw1vxatb-ji8vqr.lnk.rtcrypted")) returned 1 [0219.961] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0219.961] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0219.961] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0219.961] GetFileType (hFile=0x2cc) returned 0x1 [0219.961] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0219.961] GetFileType (hFile=0x2cc) returned 0x1 [0219.962] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1bb6 [0219.962] WriteFile (in: hFile=0x2cc, lpBuffer=0x2307338*, nNumberOfBytesToWrite=0x51, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2307338*, lpNumberOfBytesWritten=0x15ecc8*=0x51, lpOverlapped=0x0) returned 1 [0219.962] CloseHandle (hObject=0x2cc) returned 1 [0219.964] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0219.964] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Dbg3Ddy9SSgsZKwE.doc.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Dbg3Ddy9SSgsZKwE.doc.lnk", lpFilePart=0x0) returned 0x54 [0219.964] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0219.965] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Dbg3Ddy9SSgsZKwE.doc.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\dbg3ddy9ssgszkwe.doc.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0219.965] GetFileType (hFile=0x2cc) returned 0x1 [0219.965] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0219.965] GetFileType (hFile=0x2cc) returned 0x1 [0219.965] ReadFile (in: hFile=0x2cc, lpBuffer=0x2308910, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2308910*, lpNumberOfBytesRead=0x15edd8*=0x467, lpOverlapped=0x0) returned 1 [0219.966] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0219.966] WriteFile (in: hFile=0x2cc, lpBuffer=0x2308910*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2308910*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0219.966] CloseHandle (hObject=0x2cc) returned 1 [0219.967] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Dbg3Ddy9SSgsZKwE.doc.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Dbg3Ddy9SSgsZKwE.doc.lnk", lpFilePart=0x0) returned 0x54 [0219.968] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Dbg3Ddy9SSgsZKwE.doc.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Dbg3Ddy9SSgsZKwE.doc.lnk.rtcrypted", lpFilePart=0x0) returned 0x5e [0219.968] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0219.968] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Dbg3Ddy9SSgsZKwE.doc.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\dbg3ddy9ssgszkwe.doc.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5c742b0, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x177ec392, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x177ec392, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x467)) returned 1 [0219.968] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0219.968] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Dbg3Ddy9SSgsZKwE.doc.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\dbg3ddy9ssgszkwe.doc.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Dbg3Ddy9SSgsZKwE.doc.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\dbg3ddy9ssgszkwe.doc.lnk.rtcrypted")) returned 1 [0219.969] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0219.969] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0219.969] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0219.970] GetFileType (hFile=0x2cc) returned 0x1 [0219.970] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0219.970] GetFileType (hFile=0x2cc) returned 0x1 [0219.970] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1c07 [0219.970] WriteFile (in: hFile=0x2cc, lpBuffer=0x230b2c0*, nNumberOfBytesToWrite=0x55, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x230b2c0*, lpNumberOfBytesWritten=0x15ecc8*=0x55, lpOverlapped=0x0) returned 1 [0219.971] CloseHandle (hObject=0x2cc) returned 1 [0219.972] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0219.973] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DMLxoOU.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DMLxoOU.lnk", lpFilePart=0x0) returned 0x47 [0219.973] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0219.973] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DMLxoOU.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\dmlxoou.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0219.973] GetFileType (hFile=0x2cc) returned 0x1 [0219.973] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0219.974] GetFileType (hFile=0x2cc) returned 0x1 [0219.974] ReadFile (in: hFile=0x2cc, lpBuffer=0x230c858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x230c858*, lpNumberOfBytesRead=0x15edd8*=0x3db, lpOverlapped=0x0) returned 1 [0219.975] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0219.975] WriteFile (in: hFile=0x2cc, lpBuffer=0x230c858*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x230c858*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0219.975] CloseHandle (hObject=0x2cc) returned 1 [0219.976] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DMLxoOU.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DMLxoOU.lnk", lpFilePart=0x0) returned 0x47 [0219.976] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DMLxoOU.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DMLxoOU.lnk.rtcrypted", lpFilePart=0x0) returned 0x51 [0219.976] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0219.976] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DMLxoOU.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\dmlxoou.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe225437a, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x177ec392, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x177ec392, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3db)) returned 1 [0219.976] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0219.977] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DMLxoOU.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\dmlxoou.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DMLxoOU.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\dmlxoou.lnk.rtcrypted")) returned 1 [0219.978] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0219.978] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0219.978] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.001] GetFileType (hFile=0x2cc) returned 0x1 [0220.001] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.001] GetFileType (hFile=0x2cc) returned 0x1 [0220.001] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1c5c [0220.001] WriteFile (in: hFile=0x2cc, lpBuffer=0x230f1a0*, nNumberOfBytesToWrite=0x48, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x230f1a0*, lpNumberOfBytesWritten=0x15ecc8*=0x48, lpOverlapped=0x0) returned 1 [0220.002] CloseHandle (hObject=0x2cc) returned 1 [0220.003] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.003] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dvC8ktwxOFj7.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dvC8ktwxOFj7.lnk", lpFilePart=0x0) returned 0x4c [0220.003] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.004] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dvC8ktwxOFj7.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\dvc8ktwxofj7.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.004] GetFileType (hFile=0x2cc) returned 0x1 [0220.004] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.004] GetFileType (hFile=0x2cc) returned 0x1 [0220.004] ReadFile (in: hFile=0x2cc, lpBuffer=0x2310758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2310758*, lpNumberOfBytesRead=0x15edd8*=0x498, lpOverlapped=0x0) returned 1 [0220.005] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.005] WriteFile (in: hFile=0x2cc, lpBuffer=0x2310758*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2310758*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.006] CloseHandle (hObject=0x2cc) returned 1 [0220.007] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dvC8ktwxOFj7.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dvC8ktwxOFj7.lnk", lpFilePart=0x0) returned 0x4c [0220.007] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dvC8ktwxOFj7.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dvC8ktwxOFj7.lnk.rtcrypted", lpFilePart=0x0) returned 0x56 [0220.008] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.008] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dvC8ktwxOFj7.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\dvc8ktwxofj7.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee5e5057, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x178379b2, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x178379b2, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x498)) returned 1 [0220.008] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.008] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dvC8ktwxOFj7.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\dvc8ktwxofj7.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dvC8ktwxOFj7.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\dvc8ktwxofj7.lnk.rtcrypted")) returned 1 [0220.010] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.010] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.010] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.010] GetFileType (hFile=0x2cc) returned 0x1 [0220.010] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.011] GetFileType (hFile=0x2cc) returned 0x1 [0220.011] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1ca4 [0220.012] WriteFile (in: hFile=0x2cc, lpBuffer=0x23130e0*, nNumberOfBytesToWrite=0x4d, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x23130e0*, lpNumberOfBytesWritten=0x15ecc8*=0x4d, lpOverlapped=0x0) returned 1 [0220.012] CloseHandle (hObject=0x2cc) returned 1 [0220.014] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.014] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dy8.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dy8.lnk", lpFilePart=0x0) returned 0x43 [0220.014] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.014] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dy8.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\dy8.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.014] GetFileType (hFile=0x2cc) returned 0x1 [0220.014] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.015] GetFileType (hFile=0x2cc) returned 0x1 [0220.015] ReadFile (in: hFile=0x2cc, lpBuffer=0x2314650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2314650*, lpNumberOfBytesRead=0x15edd8*=0x3c3, lpOverlapped=0x0) returned 1 [0220.015] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.015] WriteFile (in: hFile=0x2cc, lpBuffer=0x2314650*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2314650*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.015] CloseHandle (hObject=0x2cc) returned 1 [0220.017] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dy8.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dy8.lnk", lpFilePart=0x0) returned 0x43 [0220.017] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dy8.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dy8.lnk.rtcrypted", lpFilePart=0x0) returned 0x4d [0220.017] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.017] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dy8.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\dy8.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7785d3d, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x1785dbd3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1785dbd3, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3c3)) returned 1 [0220.018] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.018] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dy8.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\dy8.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dy8.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\dy8.lnk.rtcrypted")) returned 1 [0220.027] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.027] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.028] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.028] GetFileType (hFile=0x2cc) returned 0x1 [0220.028] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.028] GetFileType (hFile=0x2cc) returned 0x1 [0220.028] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1cf1 [0220.029] WriteFile (in: hFile=0x2cc, lpBuffer=0x2316f78*, nNumberOfBytesToWrite=0x44, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2316f78*, lpNumberOfBytesWritten=0x15ecc8*=0x44, lpOverlapped=0x0) returned 1 [0220.029] CloseHandle (hObject=0x2cc) returned 1 [0220.034] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.035] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e95MKF1cwUHr.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e95MKF1cwUHr.lnk", lpFilePart=0x0) returned 0x4c [0220.035] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.036] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e95MKF1cwUHr.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\e95mkf1cwuhr.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.037] GetFileType (hFile=0x2cc) returned 0x1 [0220.037] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.037] GetFileType (hFile=0x2cc) returned 0x1 [0220.037] ReadFile (in: hFile=0x2cc, lpBuffer=0x2318530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2318530*, lpNumberOfBytesRead=0x15edd8*=0x46a, lpOverlapped=0x0) returned 1 [0220.038] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.038] WriteFile (in: hFile=0x2cc, lpBuffer=0x2318530*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2318530*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.039] CloseHandle (hObject=0x2cc) returned 1 [0220.064] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e95MKF1cwUHr.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e95MKF1cwUHr.lnk", lpFilePart=0x0) returned 0x4c [0220.065] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e95MKF1cwUHr.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e95MKF1cwUHr.lnk.rtcrypted", lpFilePart=0x0) returned 0x56 [0220.065] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.065] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e95MKF1cwUHr.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\e95mkf1cwuhr.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf19f1dc8, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x17883f05, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x17883f05, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x46a)) returned 1 [0220.065] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.065] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e95MKF1cwUHr.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\e95mkf1cwuhr.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e95MKF1cwUHr.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\e95mkf1cwuhr.lnk.rtcrypted")) returned 1 [0220.068] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.068] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.069] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.069] GetFileType (hFile=0x2cc) returned 0x1 [0220.069] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.069] GetFileType (hFile=0x2cc) returned 0x1 [0220.069] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1d35 [0220.070] WriteFile (in: hFile=0x2cc, lpBuffer=0x231aeb8*, nNumberOfBytesToWrite=0x4d, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x231aeb8*, lpNumberOfBytesWritten=0x15ecc8*=0x4d, lpOverlapped=0x0) returned 1 [0220.071] CloseHandle (hObject=0x2cc) returned 1 [0220.084] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.084] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EgF5qYYsDP3TXhIOn.pps.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EgF5qYYsDP3TXhIOn.pps.lnk", lpFilePart=0x0) returned 0x55 [0220.084] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.085] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EgF5qYYsDP3TXhIOn.pps.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\egf5qyysdp3txhion.pps.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0220.091] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15b118) returned 1 [0220.093] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EgF5qYYsDP3TXhIOn.pps.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EgF5qYYsDP3TXhIOn.pps.lnk", lpFilePart=0x0) returned 0x55 [0220.093] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EgF5qYYsDP3TXhIOn.pps.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EgF5qYYsDP3TXhIOn.pps.lnk.rtcrypted", lpFilePart=0x0) returned 0x5f [0220.093] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.093] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EgF5qYYsDP3TXhIOn.pps.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\egf5qyysdp3txhion.pps.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0220.093] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.098] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.098] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EIweEXdtYapI-M.doc.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EIweEXdtYapI-M.doc.lnk", lpFilePart=0x0) returned 0x52 [0220.099] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.099] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EIweEXdtYapI-M.doc.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\eiweexdtyapi-m.doc.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.099] GetFileType (hFile=0x2cc) returned 0x1 [0220.099] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.099] GetFileType (hFile=0x2cc) returned 0x1 [0220.100] ReadFile (in: hFile=0x2cc, lpBuffer=0x211dc60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x211dc60*, lpNumberOfBytesRead=0x15edd8*=0x400, lpOverlapped=0x0) returned 1 [0220.100] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.100] WriteFile (in: hFile=0x2cc, lpBuffer=0x211dc60*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x211dc60*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.100] CloseHandle (hObject=0x2cc) returned 1 [0220.101] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EIweEXdtYapI-M.doc.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EIweEXdtYapI-M.doc.lnk", lpFilePart=0x0) returned 0x52 [0220.102] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EIweEXdtYapI-M.doc.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EIweEXdtYapI-M.doc.lnk.rtcrypted", lpFilePart=0x0) returned 0x5c [0220.102] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.102] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EIweEXdtYapI-M.doc.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\eiweexdtyapi-m.doc.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x987ad55, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x1791c52c, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1791c52c, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x400)) returned 1 [0220.102] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.102] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EIweEXdtYapI-M.doc.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\eiweexdtyapi-m.doc.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EIweEXdtYapI-M.doc.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\eiweexdtyapi-m.doc.lnk.rtcrypted")) returned 1 [0220.103] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.103] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.104] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.104] GetFileType (hFile=0x2cc) returned 0x1 [0220.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.104] GetFileType (hFile=0x2cc) returned 0x1 [0220.104] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1d82 [0220.105] WriteFile (in: hFile=0x2cc, lpBuffer=0x2120600*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2120600*, lpNumberOfBytesWritten=0x15ecc8*=0x53, lpOverlapped=0x0) returned 1 [0220.105] CloseHandle (hObject=0x2cc) returned 1 [0220.107] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.107] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eM1JFyu4JyX_V Ar.doc.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eM1JFyu4JyX_V Ar.doc.lnk", lpFilePart=0x0) returned 0x54 [0220.107] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.107] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eM1JFyu4JyX_V Ar.doc.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\em1jfyu4jyx_v ar.doc.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.108] GetFileType (hFile=0x2cc) returned 0x1 [0220.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.108] GetFileType (hFile=0x2cc) returned 0x1 [0220.108] ReadFile (in: hFile=0x2cc, lpBuffer=0x2121bd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2121bd8*, lpNumberOfBytesRead=0x15edd8*=0x2af, lpOverlapped=0x0) returned 1 [0220.108] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.109] WriteFile (in: hFile=0x2cc, lpBuffer=0x2121bd8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2121bd8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.109] CloseHandle (hObject=0x2cc) returned 1 [0220.110] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eM1JFyu4JyX_V Ar.doc.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eM1JFyu4JyX_V Ar.doc.lnk", lpFilePart=0x0) returned 0x54 [0220.110] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eM1JFyu4JyX_V Ar.doc.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eM1JFyu4JyX_V Ar.doc.lnk.rtcrypted", lpFilePart=0x0) returned 0x5e [0220.110] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.110] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eM1JFyu4JyX_V Ar.doc.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\em1jfyu4jyx_v ar.doc.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe20b0c09, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x17942a0e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x17942a0e, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x2af)) returned 1 [0220.110] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.110] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eM1JFyu4JyX_V Ar.doc.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\em1jfyu4jyx_v ar.doc.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eM1JFyu4JyX_V Ar.doc.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\em1jfyu4jyx_v ar.doc.lnk.rtcrypted")) returned 1 [0220.111] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.111] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.112] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.112] GetFileType (hFile=0x2cc) returned 0x1 [0220.112] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.112] GetFileType (hFile=0x2cc) returned 0x1 [0220.112] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1dd5 [0220.112] WriteFile (in: hFile=0x2cc, lpBuffer=0x2124588*, nNumberOfBytesToWrite=0x55, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2124588*, lpNumberOfBytesWritten=0x15ecc8*=0x55, lpOverlapped=0x0) returned 1 [0220.113] CloseHandle (hObject=0x2cc) returned 1 [0220.114] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.114] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eTG7NzXPZhX.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eTG7NzXPZhX.lnk", lpFilePart=0x0) returned 0x4b [0220.114] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.115] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eTG7NzXPZhX.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\etg7nzxpzhx.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.115] GetFileType (hFile=0x2cc) returned 0x1 [0220.115] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.115] GetFileType (hFile=0x2cc) returned 0x1 [0220.116] ReadFile (in: hFile=0x2cc, lpBuffer=0x2125b30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2125b30*, lpNumberOfBytesRead=0x15edd8*=0x304, lpOverlapped=0x0) returned 1 [0220.116] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.116] WriteFile (in: hFile=0x2cc, lpBuffer=0x2125b30*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2125b30*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.116] CloseHandle (hObject=0x2cc) returned 1 [0220.117] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eTG7NzXPZhX.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eTG7NzXPZhX.lnk", lpFilePart=0x0) returned 0x4b [0220.117] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eTG7NzXPZhX.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eTG7NzXPZhX.lnk.rtcrypted", lpFilePart=0x0) returned 0x55 [0220.118] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.118] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eTG7NzXPZhX.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\etg7nzxpzhx.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe9a6a720, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x17942a0e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x17942a0e, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x304)) returned 1 [0220.118] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.118] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eTG7NzXPZhX.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\etg7nzxpzhx.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eTG7NzXPZhX.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\etg7nzxpzhx.lnk.rtcrypted")) returned 1 [0220.138] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.138] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.138] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.138] GetFileType (hFile=0x2cc) returned 0x1 [0220.138] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.139] GetFileType (hFile=0x2cc) returned 0x1 [0220.139] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1e2a [0220.139] WriteFile (in: hFile=0x2cc, lpBuffer=0x2128498*, nNumberOfBytesToWrite=0x4c, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2128498*, lpNumberOfBytesWritten=0x15ecc8*=0x4c, lpOverlapped=0x0) returned 1 [0220.139] CloseHandle (hObject=0x2cc) returned 1 [0220.141] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.142] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EVZV9g78HF1 1b20ex.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EVZV9g78HF1 1b20ex.lnk", lpFilePart=0x0) returned 0x52 [0220.142] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.142] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EVZV9g78HF1 1b20ex.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\evzv9g78hf1 1b20ex.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.142] GetFileType (hFile=0x2cc) returned 0x1 [0220.143] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.143] GetFileType (hFile=0x2cc) returned 0x1 [0220.143] ReadFile (in: hFile=0x2cc, lpBuffer=0x2129a60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2129a60*, lpNumberOfBytesRead=0x15edd8*=0x53e, lpOverlapped=0x0) returned 1 [0220.143] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.143] WriteFile (in: hFile=0x2cc, lpBuffer=0x2129a60*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2129a60*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.144] CloseHandle (hObject=0x2cc) returned 1 [0220.145] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EVZV9g78HF1 1b20ex.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EVZV9g78HF1 1b20ex.lnk", lpFilePart=0x0) returned 0x52 [0220.145] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EVZV9g78HF1 1b20ex.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EVZV9g78HF1 1b20ex.lnk.rtcrypted", lpFilePart=0x0) returned 0x5c [0220.214] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.214] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EVZV9g78HF1 1b20ex.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\evzv9g78hf1 1b20ex.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe44c7c7b, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x1798ec50, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1798ec50, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x53e)) returned 1 [0220.214] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.214] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EVZV9g78HF1 1b20ex.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\evzv9g78hf1 1b20ex.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EVZV9g78HF1 1b20ex.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\evzv9g78hf1 1b20ex.lnk.rtcrypted")) returned 1 [0220.216] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.216] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.216] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.216] GetFileType (hFile=0x2cc) returned 0x1 [0220.216] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.216] GetFileType (hFile=0x2cc) returned 0x1 [0220.217] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1e76 [0220.217] WriteFile (in: hFile=0x2cc, lpBuffer=0x212c400*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x212c400*, lpNumberOfBytesWritten=0x15ecc8*=0x53, lpOverlapped=0x0) returned 1 [0220.217] CloseHandle (hObject=0x2cc) returned 1 [0220.220] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.220] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e_2t.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e_2t.lnk", lpFilePart=0x0) returned 0x44 [0220.220] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.221] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e_2t.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\e_2t.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.221] GetFileType (hFile=0x2cc) returned 0x1 [0220.221] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.221] GetFileType (hFile=0x2cc) returned 0x1 [0220.221] ReadFile (in: hFile=0x2cc, lpBuffer=0x212d998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x212d998*, lpNumberOfBytesRead=0x15edd8*=0x3b7, lpOverlapped=0x0) returned 1 [0220.222] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.229] WriteFile (in: hFile=0x2cc, lpBuffer=0x212d998*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x212d998*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.229] CloseHandle (hObject=0x2cc) returned 1 [0220.231] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e_2t.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e_2t.lnk", lpFilePart=0x0) returned 0x44 [0220.231] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e_2t.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e_2t.lnk.rtcrypted", lpFilePart=0x0) returned 0x4e [0220.231] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.231] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e_2t.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\e_2t.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcf09424, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x17a740d5, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x17a740d5, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3b7)) returned 1 [0220.231] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.231] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e_2t.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\e_2t.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e_2t.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\e_2t.lnk.rtcrypted")) returned 1 [0220.233] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.233] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.233] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.234] GetFileType (hFile=0x2cc) returned 0x1 [0220.234] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.234] GetFileType (hFile=0x2cc) returned 0x1 [0220.234] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1ec9 [0220.235] WriteFile (in: hFile=0x2cc, lpBuffer=0x21302c8*, nNumberOfBytesToWrite=0x45, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21302c8*, lpNumberOfBytesWritten=0x15ecc8*=0x45, lpOverlapped=0x0) returned 1 [0220.235] CloseHandle (hObject=0x2cc) returned 1 [0220.238] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.239] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\F5J9i2mP6f7Fg yEKZw4.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\F5J9i2mP6f7Fg yEKZw4.lnk", lpFilePart=0x0) returned 0x54 [0220.239] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.239] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\F5J9i2mP6f7Fg yEKZw4.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\f5j9i2mp6f7fg yekzw4.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.239] GetFileType (hFile=0x2cc) returned 0x1 [0220.239] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.239] GetFileType (hFile=0x2cc) returned 0x1 [0220.240] ReadFile (in: hFile=0x2cc, lpBuffer=0x21318a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21318a0*, lpNumberOfBytesRead=0x15edd8*=0x55f, lpOverlapped=0x0) returned 1 [0220.240] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.240] WriteFile (in: hFile=0x2cc, lpBuffer=0x21318a0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21318a0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.240] CloseHandle (hObject=0x2cc) returned 1 [0220.241] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\F5J9i2mP6f7Fg yEKZw4.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\F5J9i2mP6f7Fg yEKZw4.lnk", lpFilePart=0x0) returned 0x54 [0220.241] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\F5J9i2mP6f7Fg yEKZw4.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\F5J9i2mP6f7Fg yEKZw4.lnk.rtcrypted", lpFilePart=0x0) returned 0x5e [0220.241] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.242] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\F5J9i2mP6f7Fg yEKZw4.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\f5j9i2mp6f7fg yekzw4.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfed478bb, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x17a740d5, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x17a740d5, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x55f)) returned 1 [0220.242] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.242] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\F5J9i2mP6f7Fg yEKZw4.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\f5j9i2mp6f7fg yekzw4.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\F5J9i2mP6f7Fg yEKZw4.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\f5j9i2mp6f7fg yekzw4.lnk.rtcrypted")) returned 1 [0220.245] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.245] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.245] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.245] GetFileType (hFile=0x2cc) returned 0x1 [0220.245] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.245] GetFileType (hFile=0x2cc) returned 0x1 [0220.245] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1f0e [0220.246] WriteFile (in: hFile=0x2cc, lpBuffer=0x2134250*, nNumberOfBytesToWrite=0x55, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2134250*, lpNumberOfBytesWritten=0x15ecc8*=0x55, lpOverlapped=0x0) returned 1 [0220.246] CloseHandle (hObject=0x2cc) returned 1 [0220.248] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.248] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fabE6LAM6xEtP.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fabE6LAM6xEtP.lnk", lpFilePart=0x0) returned 0x4d [0220.248] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.248] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fabE6LAM6xEtP.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\fabe6lam6xetp.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.249] GetFileType (hFile=0x2cc) returned 0x1 [0220.249] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.249] GetFileType (hFile=0x2cc) returned 0x1 [0220.249] ReadFile (in: hFile=0x2cc, lpBuffer=0x2135808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2135808*, lpNumberOfBytesRead=0x15edd8*=0x409, lpOverlapped=0x0) returned 1 [0220.249] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.249] WriteFile (in: hFile=0x2cc, lpBuffer=0x2135808*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2135808*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.250] CloseHandle (hObject=0x2cc) returned 1 [0220.251] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fabE6LAM6xEtP.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fabE6LAM6xEtP.lnk", lpFilePart=0x0) returned 0x4d [0220.251] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fabE6LAM6xEtP.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fabE6LAM6xEtP.lnk.rtcrypted", lpFilePart=0x0) returned 0x57 [0220.251] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.251] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fabE6LAM6xEtP.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\fabe6lam6xetp.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4126c5f9, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x17a99f1d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x17a99f1d, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x409)) returned 1 [0220.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.251] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fabE6LAM6xEtP.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\fabe6lam6xetp.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fabE6LAM6xEtP.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\fabe6lam6xetp.lnk.rtcrypted")) returned 1 [0220.252] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.252] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.253] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.253] GetFileType (hFile=0x2cc) returned 0x1 [0220.253] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.253] GetFileType (hFile=0x2cc) returned 0x1 [0220.253] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1f63 [0220.253] WriteFile (in: hFile=0x2cc, lpBuffer=0x2138178*, nNumberOfBytesToWrite=0x4e, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2138178*, lpNumberOfBytesWritten=0x15ecc8*=0x4e, lpOverlapped=0x0) returned 1 [0220.254] CloseHandle (hObject=0x2cc) returned 1 [0220.256] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.256] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fenqGAG3YChp.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fenqGAG3YChp.lnk", lpFilePart=0x0) returned 0x4c [0220.256] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.257] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fenqGAG3YChp.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\fenqgag3ychp.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.257] GetFileType (hFile=0x2cc) returned 0x1 [0220.257] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.257] GetFileType (hFile=0x2cc) returned 0x1 [0220.258] ReadFile (in: hFile=0x2cc, lpBuffer=0x2139730, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2139730*, lpNumberOfBytesRead=0x15edd8*=0x4a2, lpOverlapped=0x0) returned 1 [0220.258] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.258] WriteFile (in: hFile=0x2cc, lpBuffer=0x2139730*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2139730*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.258] CloseHandle (hObject=0x2cc) returned 1 [0220.259] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fenqGAG3YChp.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fenqGAG3YChp.lnk", lpFilePart=0x0) returned 0x4c [0220.259] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fenqGAG3YChp.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fenqGAG3YChp.lnk.rtcrypted", lpFilePart=0x0) returned 0x56 [0220.259] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.259] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fenqGAG3YChp.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\fenqgag3ychp.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xebc429d0, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x17a99f1d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x17a99f1d, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x4a2)) returned 1 [0220.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.303] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fenqGAG3YChp.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\fenqgag3ychp.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fenqGAG3YChp.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\fenqgag3ychp.lnk.rtcrypted")) returned 1 [0220.304] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.305] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.305] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.305] GetFileType (hFile=0x2cc) returned 0x1 [0220.305] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.305] GetFileType (hFile=0x2cc) returned 0x1 [0220.305] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1fb1 [0220.306] WriteFile (in: hFile=0x2cc, lpBuffer=0x213c0a0*, nNumberOfBytesToWrite=0x4d, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x213c0a0*, lpNumberOfBytesWritten=0x15ecc8*=0x4d, lpOverlapped=0x0) returned 1 [0220.306] CloseHandle (hObject=0x2cc) returned 1 [0220.309] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.309] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FHPuaK.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FHPuaK.lnk", lpFilePart=0x0) returned 0x46 [0220.309] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.310] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FHPuaK.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\fhpuak.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.310] GetFileType (hFile=0x2cc) returned 0x1 [0220.310] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.310] GetFileType (hFile=0x2cc) returned 0x1 [0220.311] ReadFile (in: hFile=0x2cc, lpBuffer=0x213d638, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x213d638*, lpNumberOfBytesRead=0x15edd8*=0x3d6, lpOverlapped=0x0) returned 1 [0220.311] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.311] WriteFile (in: hFile=0x2cc, lpBuffer=0x213d638*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x213d638*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.312] CloseHandle (hObject=0x2cc) returned 1 [0220.313] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FHPuaK.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FHPuaK.lnk", lpFilePart=0x0) returned 0x46 [0220.313] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FHPuaK.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FHPuaK.lnk.rtcrypted", lpFilePart=0x0) returned 0x50 [0220.313] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.313] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FHPuaK.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\fhpuak.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d1b904, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x17b32ba8, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x17b32ba8, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3d6)) returned 1 [0220.313] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.313] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FHPuaK.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\fhpuak.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FHPuaK.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\fhpuak.lnk.rtcrypted")) returned 1 [0220.315] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.315] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.315] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.315] GetFileType (hFile=0x2cc) returned 0x1 [0220.315] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.315] GetFileType (hFile=0x2cc) returned 0x1 [0220.316] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x1ffe [0220.316] WriteFile (in: hFile=0x2cc, lpBuffer=0x213ff78*, nNumberOfBytesToWrite=0x47, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x213ff78*, lpNumberOfBytesWritten=0x15ecc8*=0x47, lpOverlapped=0x0) returned 1 [0220.317] CloseHandle (hObject=0x2cc) returned 1 [0220.318] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.319] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fKIJsgucmnFedTn EAkl.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fKIJsgucmnFedTn EAkl.lnk", lpFilePart=0x0) returned 0x54 [0220.319] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.319] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fKIJsgucmnFedTn EAkl.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\fkijsgucmnfedtn eakl.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.320] GetFileType (hFile=0x2cc) returned 0x1 [0220.320] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.320] GetFileType (hFile=0x2cc) returned 0x1 [0220.320] ReadFile (in: hFile=0x2cc, lpBuffer=0x2141550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2141550*, lpNumberOfBytesRead=0x15edd8*=0x41e, lpOverlapped=0x0) returned 1 [0220.321] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.321] WriteFile (in: hFile=0x2cc, lpBuffer=0x2141550*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2141550*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.321] CloseHandle (hObject=0x2cc) returned 1 [0220.323] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fKIJsgucmnFedTn EAkl.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fKIJsgucmnFedTn EAkl.lnk", lpFilePart=0x0) returned 0x54 [0220.323] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fKIJsgucmnFedTn EAkl.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fKIJsgucmnFedTn EAkl.lnk.rtcrypted", lpFilePart=0x0) returned 0x5e [0220.323] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.323] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fKIJsgucmnFedTn EAkl.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\fkijsgucmnfedtn eakl.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe85c8c8, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x17b32ba8, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x17b32ba8, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x41e)) returned 1 [0220.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.324] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fKIJsgucmnFedTn EAkl.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\fkijsgucmnfedtn eakl.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fKIJsgucmnFedTn EAkl.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\fkijsgucmnfedtn eakl.lnk.rtcrypted")) returned 1 [0220.325] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.325] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.326] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.326] GetFileType (hFile=0x2cc) returned 0x1 [0220.326] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.326] GetFileType (hFile=0x2cc) returned 0x1 [0220.326] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2045 [0220.327] WriteFile (in: hFile=0x2cc, lpBuffer=0x2143f00*, nNumberOfBytesToWrite=0x55, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2143f00*, lpNumberOfBytesWritten=0x15ecc8*=0x55, lpOverlapped=0x0) returned 1 [0220.327] CloseHandle (hObject=0x2cc) returned 1 [0220.329] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.329] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GC 5fQQJc4NHBM7mhV.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GC 5fQQJc4NHBM7mhV.lnk", lpFilePart=0x0) returned 0x52 [0220.329] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.330] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GC 5fQQJc4NHBM7mhV.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\gc 5fqqjc4nhbm7mhv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.330] GetFileType (hFile=0x2cc) returned 0x1 [0220.330] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.330] GetFileType (hFile=0x2cc) returned 0x1 [0220.330] ReadFile (in: hFile=0x2cc, lpBuffer=0x21454c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21454c8*, lpNumberOfBytesRead=0x15edd8*=0x3ff, lpOverlapped=0x0) returned 1 [0220.331] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.331] WriteFile (in: hFile=0x2cc, lpBuffer=0x21454c8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21454c8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.331] CloseHandle (hObject=0x2cc) returned 1 [0220.332] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GC 5fQQJc4NHBM7mhV.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GC 5fQQJc4NHBM7mhV.lnk", lpFilePart=0x0) returned 0x52 [0220.332] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GC 5fQQJc4NHBM7mhV.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GC 5fQQJc4NHBM7mhV.lnk.rtcrypted", lpFilePart=0x0) returned 0x5c [0220.332] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.333] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GC 5fQQJc4NHBM7mhV.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\gc 5fqqjc4nhbm7mhv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x572c94e, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x17b59067, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x17b59067, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3ff)) returned 1 [0220.333] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.333] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GC 5fQQJc4NHBM7mhV.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\gc 5fqqjc4nhbm7mhv.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GC 5fQQJc4NHBM7mhV.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\gc 5fqqjc4nhbm7mhv.lnk.rtcrypted")) returned 1 [0220.334] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.334] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.335] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.335] GetFileType (hFile=0x2cc) returned 0x1 [0220.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.335] GetFileType (hFile=0x2cc) returned 0x1 [0220.335] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x209a [0220.336] WriteFile (in: hFile=0x2cc, lpBuffer=0x2147e68*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2147e68*, lpNumberOfBytesWritten=0x15ecc8*=0x53, lpOverlapped=0x0) returned 1 [0220.336] CloseHandle (hObject=0x2cc) returned 1 [0220.390] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.390] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GDLIsvWIqGajKiRN9dGO.pptx.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GDLIsvWIqGajKiRN9dGO.pptx.lnk", lpFilePart=0x0) returned 0x59 [0220.390] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.390] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GDLIsvWIqGajKiRN9dGO.pptx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\gdlisvwiqgajkirn9dgo.pptx.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.391] GetFileType (hFile=0x2cc) returned 0x1 [0220.391] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.391] GetFileType (hFile=0x2cc) returned 0x1 [0220.391] ReadFile (in: hFile=0x2cc, lpBuffer=0x2149438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2149438*, lpNumberOfBytesRead=0x15edd8*=0x409, lpOverlapped=0x0) returned 1 [0220.391] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.391] WriteFile (in: hFile=0x2cc, lpBuffer=0x2149438*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2149438*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.392] CloseHandle (hObject=0x2cc) returned 1 [0220.393] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GDLIsvWIqGajKiRN9dGO.pptx.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GDLIsvWIqGajKiRN9dGO.pptx.lnk", lpFilePart=0x0) returned 0x59 [0220.393] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GDLIsvWIqGajKiRN9dGO.pptx.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GDLIsvWIqGajKiRN9dGO.pptx.lnk.rtcrypted", lpFilePart=0x0) returned 0x63 [0220.393] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.393] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GDLIsvWIqGajKiRN9dGO.pptx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\gdlisvwiqgajkirn9dgo.pptx.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4845c4b, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x17bf167f, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x17bf167f, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x409)) returned 1 [0220.393] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.394] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GDLIsvWIqGajKiRN9dGO.pptx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\gdlisvwiqgajkirn9dgo.pptx.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GDLIsvWIqGajKiRN9dGO.pptx.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\gdlisvwiqgajkirn9dgo.pptx.lnk.rtcrypted")) returned 1 [0220.395] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.395] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.395] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.395] GetFileType (hFile=0x2cc) returned 0x1 [0220.395] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.395] GetFileType (hFile=0x2cc) returned 0x1 [0220.395] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x20ed [0220.396] WriteFile (in: hFile=0x2cc, lpBuffer=0x214be20*, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x214be20*, lpNumberOfBytesWritten=0x15ecc8*=0x5a, lpOverlapped=0x0) returned 1 [0220.396] CloseHandle (hObject=0x2cc) returned 1 [0220.397] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.398] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gDn4S0f.ppt.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gDn4S0f.ppt.lnk", lpFilePart=0x0) returned 0x4b [0220.398] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.398] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gDn4S0f.ppt.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\gdn4s0f.ppt.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.398] GetFileType (hFile=0x2cc) returned 0x1 [0220.398] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.398] GetFileType (hFile=0x2cc) returned 0x1 [0220.398] ReadFile (in: hFile=0x2cc, lpBuffer=0x214d3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x214d3b0*, lpNumberOfBytesRead=0x15edd8*=0x505, lpOverlapped=0x0) returned 1 [0220.398] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.399] WriteFile (in: hFile=0x2cc, lpBuffer=0x214d3b0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x214d3b0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.399] CloseHandle (hObject=0x2cc) returned 1 [0220.400] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gDn4S0f.ppt.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gDn4S0f.ppt.lnk", lpFilePart=0x0) returned 0x4b [0220.400] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gDn4S0f.ppt.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gDn4S0f.ppt.lnk.rtcrypted", lpFilePart=0x0) returned 0x55 [0220.400] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.400] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gDn4S0f.ppt.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\gdn4s0f.ppt.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf328152d, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x17bf167f, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x17bf167f, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x505)) returned 1 [0220.401] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.401] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gDn4S0f.ppt.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\gdn4s0f.ppt.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gDn4S0f.ppt.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\gdn4s0f.ppt.lnk.rtcrypted")) returned 1 [0220.402] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.402] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.402] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.403] GetFileType (hFile=0x2cc) returned 0x1 [0220.403] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.403] GetFileType (hFile=0x2cc) returned 0x1 [0220.403] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2147 [0220.403] WriteFile (in: hFile=0x2cc, lpBuffer=0x214fd30*, nNumberOfBytesToWrite=0x4c, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x214fd30*, lpNumberOfBytesWritten=0x15ecc8*=0x4c, lpOverlapped=0x0) returned 1 [0220.403] CloseHandle (hObject=0x2cc) returned 1 [0220.405] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.405] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gmIBz_0QcERv2HE.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gmIBz_0QcERv2HE.lnk", lpFilePart=0x0) returned 0x4f [0220.405] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.406] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gmIBz_0QcERv2HE.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\gmibz_0qcerv2he.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.406] GetFileType (hFile=0x2cc) returned 0x1 [0220.406] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.406] GetFileType (hFile=0x2cc) returned 0x1 [0220.406] ReadFile (in: hFile=0x2cc, lpBuffer=0x21512d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21512d0*, lpNumberOfBytesRead=0x15edd8*=0x3f0, lpOverlapped=0x0) returned 1 [0220.406] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.407] WriteFile (in: hFile=0x2cc, lpBuffer=0x21512d0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21512d0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.407] CloseHandle (hObject=0x2cc) returned 1 [0220.408] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gmIBz_0QcERv2HE.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gmIBz_0QcERv2HE.lnk", lpFilePart=0x0) returned 0x4f [0220.408] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gmIBz_0QcERv2HE.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gmIBz_0QcERv2HE.lnk.rtcrypted", lpFilePart=0x0) returned 0x59 [0220.408] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.408] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gmIBz_0QcERv2HE.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\gmibz_0qcerv2he.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c2b1db, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x17c177bd, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x17c177bd, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3f0)) returned 1 [0220.408] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.408] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gmIBz_0QcERv2HE.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\gmibz_0qcerv2he.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gmIBz_0QcERv2HE.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\gmibz_0qcerv2he.lnk.rtcrypted")) returned 1 [0220.409] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.409] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.409] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.410] GetFileType (hFile=0x2cc) returned 0x1 [0220.410] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.410] GetFileType (hFile=0x2cc) returned 0x1 [0220.410] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2193 [0220.410] WriteFile (in: hFile=0x2cc, lpBuffer=0x2153c70*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2153c70*, lpNumberOfBytesWritten=0x15ecc8*=0x50, lpOverlapped=0x0) returned 1 [0220.410] CloseHandle (hObject=0x2cc) returned 1 [0220.411] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.412] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gMmQ7sMpVxP4WwXZrp.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gMmQ7sMpVxP4WwXZrp.lnk", lpFilePart=0x0) returned 0x52 [0220.412] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.412] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gMmQ7sMpVxP4WwXZrp.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\gmmq7smpvxp4wwxzrp.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.412] GetFileType (hFile=0x2cc) returned 0x1 [0220.412] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.412] GetFileType (hFile=0x2cc) returned 0x1 [0220.413] ReadFile (in: hFile=0x2cc, lpBuffer=0x2155220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2155220*, lpNumberOfBytesRead=0x15edd8*=0x3a3, lpOverlapped=0x0) returned 1 [0220.413] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.413] WriteFile (in: hFile=0x2cc, lpBuffer=0x2155220*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2155220*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.413] CloseHandle (hObject=0x2cc) returned 1 [0220.414] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gMmQ7sMpVxP4WwXZrp.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gMmQ7sMpVxP4WwXZrp.lnk", lpFilePart=0x0) returned 0x52 [0220.414] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gMmQ7sMpVxP4WwXZrp.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gMmQ7sMpVxP4WwXZrp.lnk.rtcrypted", lpFilePart=0x0) returned 0x5c [0220.414] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.414] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gMmQ7sMpVxP4WwXZrp.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\gmmq7smpvxp4wwxzrp.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xebcb4d79, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x17c177bd, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x17c177bd, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3a3)) returned 1 [0220.414] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.414] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gMmQ7sMpVxP4WwXZrp.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\gmmq7smpvxp4wwxzrp.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gMmQ7sMpVxP4WwXZrp.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\gmmq7smpvxp4wwxzrp.lnk.rtcrypted")) returned 1 [0220.417] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.417] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.417] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.417] GetFileType (hFile=0x2cc) returned 0x1 [0220.417] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.417] GetFileType (hFile=0x2cc) returned 0x1 [0220.418] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x21e3 [0220.418] WriteFile (in: hFile=0x2cc, lpBuffer=0x2157bd8*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2157bd8*, lpNumberOfBytesWritten=0x15ecc8*=0x53, lpOverlapped=0x0) returned 1 [0220.418] CloseHandle (hObject=0x2cc) returned 1 [0220.420] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.421] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\goujVTDJ1s18.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\goujVTDJ1s18.lnk", lpFilePart=0x0) returned 0x4c [0220.421] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.421] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\goujVTDJ1s18.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\goujvtdj1s18.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.421] GetFileType (hFile=0x2cc) returned 0x1 [0220.422] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.422] GetFileType (hFile=0x2cc) returned 0x1 [0220.422] ReadFile (in: hFile=0x2cc, lpBuffer=0x2159178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2159178*, lpNumberOfBytesRead=0x15edd8*=0x692, lpOverlapped=0x0) returned 1 [0220.422] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.422] WriteFile (in: hFile=0x2cc, lpBuffer=0x2159178*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2159178*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.422] CloseHandle (hObject=0x2cc) returned 1 [0220.423] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\goujVTDJ1s18.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\goujVTDJ1s18.lnk", lpFilePart=0x0) returned 0x4c [0220.423] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\goujVTDJ1s18.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\goujVTDJ1s18.lnk.rtcrypted", lpFilePart=0x0) returned 0x56 [0220.423] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.423] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\goujVTDJ1s18.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\goujvtdj1s18.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe27fdc41, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x17c3da64, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x17c3da64, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x692)) returned 1 [0220.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.424] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\goujVTDJ1s18.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\goujvtdj1s18.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\goujVTDJ1s18.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\goujvtdj1s18.lnk.rtcrypted")) returned 1 [0220.425] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.425] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.425] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.426] GetFileType (hFile=0x2cc) returned 0x1 [0220.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.426] GetFileType (hFile=0x2cc) returned 0x1 [0220.426] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2236 [0220.426] WriteFile (in: hFile=0x2cc, lpBuffer=0x215bb00*, nNumberOfBytesToWrite=0x4d, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x215bb00*, lpNumberOfBytesWritten=0x15ecc8*=0x4d, lpOverlapped=0x0) returned 1 [0220.427] CloseHandle (hObject=0x2cc) returned 1 [0220.428] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.428] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hIUicmYfr BOKO-G7dUP.flv.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hIUicmYfr BOKO-G7dUP.flv.lnk", lpFilePart=0x0) returned 0x58 [0220.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.429] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hIUicmYfr BOKO-G7dUP.flv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\hiuicmyfr boko-g7dup.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.429] GetFileType (hFile=0x2cc) returned 0x1 [0220.429] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.429] GetFileType (hFile=0x2cc) returned 0x1 [0220.429] ReadFile (in: hFile=0x2cc, lpBuffer=0x215d0d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x215d0d0*, lpNumberOfBytesRead=0x15edd8*=0x3ed, lpOverlapped=0x0) returned 1 [0220.429] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.429] WriteFile (in: hFile=0x2cc, lpBuffer=0x215d0d0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x215d0d0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.430] CloseHandle (hObject=0x2cc) returned 1 [0220.430] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hIUicmYfr BOKO-G7dUP.flv.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hIUicmYfr BOKO-G7dUP.flv.lnk", lpFilePart=0x0) returned 0x58 [0220.430] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hIUicmYfr BOKO-G7dUP.flv.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hIUicmYfr BOKO-G7dUP.flv.lnk.rtcrypted", lpFilePart=0x0) returned 0x62 [0220.431] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.431] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hIUicmYfr BOKO-G7dUP.flv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\hiuicmyfr boko-g7dup.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf683e33f, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x17c3da64, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x17c3da64, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3ed)) returned 1 [0220.431] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.431] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hIUicmYfr BOKO-G7dUP.flv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\hiuicmyfr boko-g7dup.flv.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hIUicmYfr BOKO-G7dUP.flv.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\hiuicmyfr boko-g7dup.flv.lnk.rtcrypted")) returned 1 [0220.518] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.518] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.518] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.518] GetFileType (hFile=0x2cc) returned 0x1 [0220.519] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.519] GetFileType (hFile=0x2cc) returned 0x1 [0220.519] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2283 [0220.519] WriteFile (in: hFile=0x2cc, lpBuffer=0x219baa8*, nNumberOfBytesToWrite=0x59, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x219baa8*, lpNumberOfBytesWritten=0x15ecc8*=0x59, lpOverlapped=0x0) returned 1 [0220.519] CloseHandle (hObject=0x2cc) returned 1 [0220.523] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.523] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HP_ON6wZYt.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HP_ON6wZYt.lnk", lpFilePart=0x0) returned 0x4a [0220.524] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.524] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HP_ON6wZYt.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\hp_on6wzyt.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.525] GetFileType (hFile=0x2cc) returned 0x1 [0220.529] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.529] GetFileType (hFile=0x2cc) returned 0x1 [0220.529] ReadFile (in: hFile=0x2cc, lpBuffer=0x219d038, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x219d038*, lpNumberOfBytesRead=0x15edd8*=0x3ec, lpOverlapped=0x0) returned 1 [0220.530] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.530] WriteFile (in: hFile=0x2cc, lpBuffer=0x219d038*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x219d038*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.531] CloseHandle (hObject=0x2cc) returned 1 [0220.533] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HP_ON6wZYt.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HP_ON6wZYt.lnk", lpFilePart=0x0) returned 0x4a [0220.533] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HP_ON6wZYt.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HP_ON6wZYt.lnk.rtcrypted", lpFilePart=0x0) returned 0x54 [0220.533] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.533] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HP_ON6wZYt.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\hp_on6wzyt.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf5be03d4, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x17d498ef, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x17d498ef, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3ec)) returned 1 [0220.533] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.533] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HP_ON6wZYt.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\hp_on6wzyt.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HP_ON6wZYt.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\hp_on6wzyt.lnk.rtcrypted")) returned 1 [0220.536] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.537] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.537] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.538] GetFileType (hFile=0x2cc) returned 0x1 [0220.538] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.538] GetFileType (hFile=0x2cc) returned 0x1 [0220.538] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x22dc [0220.539] WriteFile (in: hFile=0x2cc, lpBuffer=0x219f9b0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x219f9b0*, lpNumberOfBytesWritten=0x15ecc8*=0x4b, lpOverlapped=0x0) returned 1 [0220.539] CloseHandle (hObject=0x2cc) returned 1 [0220.545] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.545] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\I-byl6.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\I-byl6.lnk", lpFilePart=0x0) returned 0x46 [0220.545] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.546] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\I-byl6.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\i-byl6.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.546] GetFileType (hFile=0x2cc) returned 0x1 [0220.546] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.546] GetFileType (hFile=0x2cc) returned 0x1 [0220.546] ReadFile (in: hFile=0x2cc, lpBuffer=0x21a0f30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21a0f30*, lpNumberOfBytesRead=0x15edd8*=0x482, lpOverlapped=0x0) returned 1 [0220.547] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.547] WriteFile (in: hFile=0x2cc, lpBuffer=0x21a0f30*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21a0f30*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.547] CloseHandle (hObject=0x2cc) returned 1 [0220.548] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\I-byl6.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\I-byl6.lnk", lpFilePart=0x0) returned 0x46 [0220.549] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\I-byl6.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\I-byl6.lnk.rtcrypted", lpFilePart=0x0) returned 0x50 [0220.549] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.549] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\I-byl6.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\i-byl6.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2063d12, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x17d6f6a7, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x17d6f6a7, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x482)) returned 1 [0220.549] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.549] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\I-byl6.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\i-byl6.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\I-byl6.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\i-byl6.lnk.rtcrypted")) returned 1 [0220.551] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.551] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.551] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.552] GetFileType (hFile=0x2cc) returned 0x1 [0220.552] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.552] GetFileType (hFile=0x2cc) returned 0x1 [0220.552] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2327 [0220.553] WriteFile (in: hFile=0x2cc, lpBuffer=0x21a3888*, nNumberOfBytesToWrite=0x47, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21a3888*, lpNumberOfBytesWritten=0x15ecc8*=0x47, lpOverlapped=0x0) returned 1 [0220.553] CloseHandle (hObject=0x2cc) returned 1 [0220.555] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.556] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ikU4Z6NJTIS4CI7XUt.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ikU4Z6NJTIS4CI7XUt.lnk", lpFilePart=0x0) returned 0x52 [0220.556] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.556] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ikU4Z6NJTIS4CI7XUt.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\iku4z6njtis4ci7xut.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.592] GetFileType (hFile=0x2cc) returned 0x1 [0220.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.592] GetFileType (hFile=0x2cc) returned 0x1 [0220.592] ReadFile (in: hFile=0x2cc, lpBuffer=0x21a9108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21a9108*, lpNumberOfBytesRead=0x15edd8*=0x5e3, lpOverlapped=0x0) returned 1 [0220.592] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.593] WriteFile (in: hFile=0x2cc, lpBuffer=0x21a9108*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21a9108*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.593] CloseHandle (hObject=0x2cc) returned 1 [0220.594] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ikU4Z6NJTIS4CI7XUt.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ikU4Z6NJTIS4CI7XUt.lnk", lpFilePart=0x0) returned 0x52 [0220.594] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ikU4Z6NJTIS4CI7XUt.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ikU4Z6NJTIS4CI7XUt.lnk.rtcrypted", lpFilePart=0x0) returned 0x5c [0220.594] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.594] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ikU4Z6NJTIS4CI7XUt.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\iku4z6njtis4ci7xut.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeaf6d491, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x17de14e1, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x17de14e1, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x5e3)) returned 1 [0220.595] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.595] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ikU4Z6NJTIS4CI7XUt.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\iku4z6njtis4ci7xut.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ikU4Z6NJTIS4CI7XUt.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\iku4z6njtis4ci7xut.lnk.rtcrypted")) returned 1 [0220.596] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.596] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.597] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.597] GetFileType (hFile=0x2cc) returned 0x1 [0220.597] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.597] GetFileType (hFile=0x2cc) returned 0x1 [0220.597] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x236e [0220.598] WriteFile (in: hFile=0x2cc, lpBuffer=0x21abac0*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21abac0*, lpNumberOfBytesWritten=0x15ecc8*=0x53, lpOverlapped=0x0) returned 1 [0220.598] CloseHandle (hObject=0x2cc) returned 1 [0220.600] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.600] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\J7Kz7aXvYKxh-WWyGI.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\J7Kz7aXvYKxh-WWyGI.lnk", lpFilePart=0x0) returned 0x52 [0220.600] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.601] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\J7Kz7aXvYKxh-WWyGI.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\j7kz7axvykxh-wwygi.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.601] GetFileType (hFile=0x2cc) returned 0x1 [0220.601] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.601] GetFileType (hFile=0x2cc) returned 0x1 [0220.601] ReadFile (in: hFile=0x2cc, lpBuffer=0x21ad070, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21ad070*, lpNumberOfBytesRead=0x15edd8*=0x543, lpOverlapped=0x0) returned 1 [0220.601] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.601] WriteFile (in: hFile=0x2cc, lpBuffer=0x21ad070*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21ad070*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.602] CloseHandle (hObject=0x2cc) returned 1 [0220.603] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\J7Kz7aXvYKxh-WWyGI.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\J7Kz7aXvYKxh-WWyGI.lnk", lpFilePart=0x0) returned 0x52 [0220.603] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\J7Kz7aXvYKxh-WWyGI.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\J7Kz7aXvYKxh-WWyGI.lnk.rtcrypted", lpFilePart=0x0) returned 0x5c [0220.603] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.603] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\J7Kz7aXvYKxh-WWyGI.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\j7kz7axvykxh-wwygi.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe284a543, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x17de14e1, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x17de14e1, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x543)) returned 1 [0220.603] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.603] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\J7Kz7aXvYKxh-WWyGI.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\j7kz7axvykxh-wwygi.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\J7Kz7aXvYKxh-WWyGI.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\j7kz7axvykxh-wwygi.lnk.rtcrypted")) returned 1 [0220.605] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.605] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.605] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.605] GetFileType (hFile=0x2cc) returned 0x1 [0220.606] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.606] GetFileType (hFile=0x2cc) returned 0x1 [0220.606] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x23c1 [0220.606] WriteFile (in: hFile=0x2cc, lpBuffer=0x21afa28*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21afa28*, lpNumberOfBytesWritten=0x15ecc8*=0x53, lpOverlapped=0x0) returned 1 [0220.606] CloseHandle (hObject=0x2cc) returned 1 [0220.608] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.608] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Jfz.flv.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Jfz.flv.lnk", lpFilePart=0x0) returned 0x47 [0220.608] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.609] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Jfz.flv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\jfz.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.609] GetFileType (hFile=0x2cc) returned 0x1 [0220.609] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.609] GetFileType (hFile=0x2cc) returned 0x1 [0220.609] ReadFile (in: hFile=0x2cc, lpBuffer=0x21b0fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21b0fa8*, lpNumberOfBytesRead=0x15edd8*=0x400, lpOverlapped=0x0) returned 1 [0220.609] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.609] WriteFile (in: hFile=0x2cc, lpBuffer=0x21b0fa8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21b0fa8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.610] CloseHandle (hObject=0x2cc) returned 1 [0220.611] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Jfz.flv.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Jfz.flv.lnk", lpFilePart=0x0) returned 0x47 [0220.611] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Jfz.flv.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Jfz.flv.lnk.rtcrypted", lpFilePart=0x0) returned 0x51 [0220.612] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.612] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Jfz.flv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\jfz.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf87336b7, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x17e07684, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x17e07684, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x400)) returned 1 [0220.612] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.612] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Jfz.flv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\jfz.flv.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Jfz.flv.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\jfz.flv.lnk.rtcrypted")) returned 1 [0220.613] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.614] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.614] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.614] GetFileType (hFile=0x2cc) returned 0x1 [0220.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.614] GetFileType (hFile=0x2cc) returned 0x1 [0220.614] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2414 [0220.615] WriteFile (in: hFile=0x2cc, lpBuffer=0x21b3908*, nNumberOfBytesToWrite=0x48, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21b3908*, lpNumberOfBytesWritten=0x15ecc8*=0x48, lpOverlapped=0x0) returned 1 [0220.616] CloseHandle (hObject=0x2cc) returned 1 [0220.617] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.618] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JXeScA2ioPeBdV4Lv_Z.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JXeScA2ioPeBdV4Lv_Z.lnk", lpFilePart=0x0) returned 0x53 [0220.618] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.618] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JXeScA2ioPeBdV4Lv_Z.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\jxesca2iopebdv4lv_z.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0220.623] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15b118) returned 1 [0220.625] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JXeScA2ioPeBdV4Lv_Z.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JXeScA2ioPeBdV4Lv_Z.lnk", lpFilePart=0x0) returned 0x53 [0220.625] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JXeScA2ioPeBdV4Lv_Z.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JXeScA2ioPeBdV4Lv_Z.lnk.rtcrypted", lpFilePart=0x0) returned 0x5d [0220.625] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.625] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JXeScA2ioPeBdV4Lv_Z.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\jxesca2iopebdv4lv_z.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0220.626] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.632] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.633] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JxmR6v_b0d1c1TOkKn.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JxmR6v_b0d1c1TOkKn.lnk", lpFilePart=0x0) returned 0x52 [0220.633] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.633] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JxmR6v_b0d1c1TOkKn.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\jxmr6v_b0d1c1tokkn.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.634] GetFileType (hFile=0x2cc) returned 0x1 [0220.634] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.634] GetFileType (hFile=0x2cc) returned 0x1 [0220.634] ReadFile (in: hFile=0x2cc, lpBuffer=0x21b5ee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21b5ee0*, lpNumberOfBytesRead=0x15edd8*=0x6b0, lpOverlapped=0x0) returned 1 [0220.702] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.702] WriteFile (in: hFile=0x2cc, lpBuffer=0x21b5ee0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21b5ee0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.703] CloseHandle (hObject=0x2cc) returned 1 [0220.704] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JxmR6v_b0d1c1TOkKn.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JxmR6v_b0d1c1TOkKn.lnk", lpFilePart=0x0) returned 0x52 [0220.704] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JxmR6v_b0d1c1TOkKn.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JxmR6v_b0d1c1TOkKn.lnk.rtcrypted", lpFilePart=0x0) returned 0x5c [0220.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.705] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JxmR6v_b0d1c1TOkKn.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\jxmr6v_b0d1c1tokkn.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x864cbfb, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x17eec4d7, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x17eec4d7, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x6b0)) returned 1 [0220.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.705] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JxmR6v_b0d1c1TOkKn.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\jxmr6v_b0d1c1tokkn.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JxmR6v_b0d1c1TOkKn.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\jxmr6v_b0d1c1tokkn.lnk.rtcrypted")) returned 1 [0220.707] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.707] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.707] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.708] GetFileType (hFile=0x2cc) returned 0x1 [0220.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.708] GetFileType (hFile=0x2cc) returned 0x1 [0220.708] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x245c [0220.709] WriteFile (in: hFile=0x2cc, lpBuffer=0x21b8880*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21b8880*, lpNumberOfBytesWritten=0x15ecc8*=0x53, lpOverlapped=0x0) returned 1 [0220.709] CloseHandle (hObject=0x2cc) returned 1 [0220.711] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.712] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jZACGvj_jUniQbGydKt.xlsx.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jZACGvj_jUniQbGydKt.xlsx.lnk", lpFilePart=0x0) returned 0x58 [0220.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.712] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jZACGvj_jUniQbGydKt.xlsx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\jzacgvj_juniqbgydkt.xlsx.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.713] GetFileType (hFile=0x2cc) returned 0x1 [0220.714] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.714] GetFileType (hFile=0x2cc) returned 0x1 [0220.715] ReadFile (in: hFile=0x2cc, lpBuffer=0x21b9e68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21b9e68*, lpNumberOfBytesRead=0x15edd8*=0x4d1, lpOverlapped=0x0) returned 1 [0220.715] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.715] WriteFile (in: hFile=0x2cc, lpBuffer=0x21b9e68*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21b9e68*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.716] CloseHandle (hObject=0x2cc) returned 1 [0220.718] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jZACGvj_jUniQbGydKt.xlsx.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jZACGvj_jUniQbGydKt.xlsx.lnk", lpFilePart=0x0) returned 0x58 [0220.718] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jZACGvj_jUniQbGydKt.xlsx.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jZACGvj_jUniQbGydKt.xlsx.lnk.rtcrypted", lpFilePart=0x0) returned 0x62 [0220.718] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.718] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jZACGvj_jUniQbGydKt.xlsx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\jzacgvj_juniqbgydkt.xlsx.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c523eb, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x17f12a2c, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x17f12a2c, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x4d1)) returned 1 [0220.718] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.719] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jZACGvj_jUniQbGydKt.xlsx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\jzacgvj_juniqbgydkt.xlsx.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jZACGvj_jUniQbGydKt.xlsx.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\jzacgvj_juniqbgydkt.xlsx.lnk.rtcrypted")) returned 1 [0220.720] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.721] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.721] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.721] GetFileType (hFile=0x2cc) returned 0x1 [0220.721] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.721] GetFileType (hFile=0x2cc) returned 0x1 [0220.722] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x24af [0220.722] WriteFile (in: hFile=0x2cc, lpBuffer=0x21bc838*, nNumberOfBytesToWrite=0x59, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21bc838*, lpNumberOfBytesWritten=0x15ecc8*=0x59, lpOverlapped=0x0) returned 1 [0220.723] CloseHandle (hObject=0x2cc) returned 1 [0220.725] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.726] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kQnIf5.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kQnIf5.lnk", lpFilePart=0x0) returned 0x46 [0220.726] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.726] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kQnIf5.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\kqnif5.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.727] GetFileType (hFile=0x2cc) returned 0x1 [0220.727] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.727] GetFileType (hFile=0x2cc) returned 0x1 [0220.727] ReadFile (in: hFile=0x2cc, lpBuffer=0x21bddd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21bddd0*, lpNumberOfBytesRead=0x15edd8*=0x36a, lpOverlapped=0x0) returned 1 [0220.728] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.728] WriteFile (in: hFile=0x2cc, lpBuffer=0x21bddd0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21bddd0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.729] CloseHandle (hObject=0x2cc) returned 1 [0220.731] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kQnIf5.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kQnIf5.lnk", lpFilePart=0x0) returned 0x46 [0220.731] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kQnIf5.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kQnIf5.lnk.rtcrypted", lpFilePart=0x0) returned 0x50 [0220.731] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.731] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kQnIf5.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\kqnif5.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5ce6b4e, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x17f38d5c, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x17f38d5c, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x36a)) returned 1 [0220.732] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.732] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kQnIf5.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\kqnif5.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kQnIf5.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\kqnif5.lnk.rtcrypted")) returned 1 [0220.733] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.733] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.734] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.734] GetFileType (hFile=0x2cc) returned 0x1 [0220.734] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.734] GetFileType (hFile=0x2cc) returned 0x1 [0220.735] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2508 [0220.735] WriteFile (in: hFile=0x2cc, lpBuffer=0x21c0710*, nNumberOfBytesToWrite=0x47, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21c0710*, lpNumberOfBytesWritten=0x15ecc8*=0x47, lpOverlapped=0x0) returned 1 [0220.736] CloseHandle (hObject=0x2cc) returned 1 [0220.738] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.738] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KrCIJZxudvtCeY.doc.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KrCIJZxudvtCeY.doc.lnk", lpFilePart=0x0) returned 0x52 [0220.738] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.739] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KrCIJZxudvtCeY.doc.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\krcijzxudvtcey.doc.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.739] GetFileType (hFile=0x2cc) returned 0x1 [0220.739] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.739] GetFileType (hFile=0x2cc) returned 0x1 [0220.740] ReadFile (in: hFile=0x2cc, lpBuffer=0x21c1cd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21c1cd8*, lpNumberOfBytesRead=0x15edd8*=0x51e, lpOverlapped=0x0) returned 1 [0220.740] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.740] WriteFile (in: hFile=0x2cc, lpBuffer=0x21c1cd8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21c1cd8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.741] CloseHandle (hObject=0x2cc) returned 1 [0220.742] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KrCIJZxudvtCeY.doc.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KrCIJZxudvtCeY.doc.lnk", lpFilePart=0x0) returned 0x52 [0220.742] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KrCIJZxudvtCeY.doc.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KrCIJZxudvtCeY.doc.lnk.rtcrypted", lpFilePart=0x0) returned 0x5c [0220.742] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.742] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KrCIJZxudvtCeY.doc.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\krcijzxudvtcey.doc.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb37d51, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x17f38d5c, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x17f38d5c, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x51e)) returned 1 [0220.742] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.743] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KrCIJZxudvtCeY.doc.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\krcijzxudvtcey.doc.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KrCIJZxudvtCeY.doc.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\krcijzxudvtcey.doc.lnk.rtcrypted")) returned 1 [0220.830] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.830] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.831] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.831] GetFileType (hFile=0x2cc) returned 0x1 [0220.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.831] GetFileType (hFile=0x2cc) returned 0x1 [0220.831] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x254f [0220.832] WriteFile (in: hFile=0x2cc, lpBuffer=0x21c4678*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21c4678*, lpNumberOfBytesWritten=0x15ecc8*=0x53, lpOverlapped=0x0) returned 1 [0220.832] CloseHandle (hObject=0x2cc) returned 1 [0220.835] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.835] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Kx8A.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Kx8A.lnk", lpFilePart=0x0) returned 0x44 [0220.835] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.836] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Kx8A.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\kx8a.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.836] GetFileType (hFile=0x2cc) returned 0x1 [0220.836] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.836] GetFileType (hFile=0x2cc) returned 0x1 [0220.837] ReadFile (in: hFile=0x2cc, lpBuffer=0x21c5c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21c5c10*, lpNumberOfBytesRead=0x15edd8*=0x43e, lpOverlapped=0x0) returned 1 [0220.837] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.837] WriteFile (in: hFile=0x2cc, lpBuffer=0x21c5c10*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21c5c10*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.849] CloseHandle (hObject=0x2cc) returned 1 [0220.851] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Kx8A.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Kx8A.lnk", lpFilePart=0x0) returned 0x44 [0220.851] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Kx8A.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Kx8A.lnk.rtcrypted", lpFilePart=0x0) returned 0x4e [0220.851] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.852] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Kx8A.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\kx8a.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x962f62, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x18043e52, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1801d940, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x43e)) returned 1 [0220.852] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.852] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Kx8A.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\kx8a.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Kx8A.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\kx8a.lnk.rtcrypted")) returned 1 [0220.855] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.855] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.855] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.856] GetFileType (hFile=0x2cc) returned 0x1 [0220.856] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.856] GetFileType (hFile=0x2cc) returned 0x1 [0220.856] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x25a2 [0220.857] WriteFile (in: hFile=0x2cc, lpBuffer=0x21c8540*, nNumberOfBytesToWrite=0x45, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21c8540*, lpNumberOfBytesWritten=0x15ecc8*=0x45, lpOverlapped=0x0) returned 1 [0220.857] CloseHandle (hObject=0x2cc) returned 1 [0220.860] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.860] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lbLbIV.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lbLbIV.lnk", lpFilePart=0x0) returned 0x46 [0220.860] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.861] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lbLbIV.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\lblbiv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.861] GetFileType (hFile=0x2cc) returned 0x1 [0220.861] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.861] GetFileType (hFile=0x2cc) returned 0x1 [0220.862] ReadFile (in: hFile=0x2cc, lpBuffer=0x21c9ad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21c9ad8*, lpNumberOfBytesRead=0x15edd8*=0x464, lpOverlapped=0x0) returned 1 [0220.864] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.864] WriteFile (in: hFile=0x2cc, lpBuffer=0x21c9ad8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21c9ad8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.864] CloseHandle (hObject=0x2cc) returned 1 [0220.866] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lbLbIV.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lbLbIV.lnk", lpFilePart=0x0) returned 0x46 [0220.866] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lbLbIV.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lbLbIV.lnk.rtcrypted", lpFilePart=0x0) returned 0x50 [0220.866] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.866] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lbLbIV.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\lblbiv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49574bc5, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x18069f4d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18069f4d, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x464)) returned 1 [0220.867] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.867] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lbLbIV.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\lblbiv.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lbLbIV.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\lblbiv.lnk.rtcrypted")) returned 1 [0220.870] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.871] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.871] GetFileType (hFile=0x2cc) returned 0x1 [0220.871] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.871] GetFileType (hFile=0x2cc) returned 0x1 [0220.871] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x25e7 [0220.872] WriteFile (in: hFile=0x2cc, lpBuffer=0x21cc418*, nNumberOfBytesToWrite=0x47, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21cc418*, lpNumberOfBytesWritten=0x15ecc8*=0x47, lpOverlapped=0x0) returned 1 [0220.872] CloseHandle (hObject=0x2cc) returned 1 [0220.967] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.968] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LFcvTFKle.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LFcvTFKle.lnk", lpFilePart=0x0) returned 0x49 [0220.968] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.968] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LFcvTFKle.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\lfcvtfkle.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.969] GetFileType (hFile=0x2cc) returned 0x1 [0220.969] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.969] GetFileType (hFile=0x2cc) returned 0x1 [0220.969] ReadFile (in: hFile=0x2cc, lpBuffer=0x21cd9c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21cd9c0*, lpNumberOfBytesRead=0x15edd8*=0x560, lpOverlapped=0x0) returned 1 [0220.970] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.970] WriteFile (in: hFile=0x2cc, lpBuffer=0x21cd9c0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21cd9c0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.971] CloseHandle (hObject=0x2cc) returned 1 [0220.972] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LFcvTFKle.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LFcvTFKle.lnk", lpFilePart=0x0) returned 0x49 [0220.973] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LFcvTFKle.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LFcvTFKle.lnk.rtcrypted", lpFilePart=0x0) returned 0x53 [0220.973] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.973] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LFcvTFKle.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\lfcvtfkle.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0d472ad, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x18174ecb, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18174ecb, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x560)) returned 1 [0220.973] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.973] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LFcvTFKle.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\lfcvtfkle.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LFcvTFKle.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\lfcvtfkle.lnk.rtcrypted")) returned 1 [0220.975] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.975] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.976] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.976] GetFileType (hFile=0x2cc) returned 0x1 [0220.976] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.976] GetFileType (hFile=0x2cc) returned 0x1 [0220.976] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x262e [0220.977] WriteFile (in: hFile=0x2cc, lpBuffer=0x21d0310*, nNumberOfBytesToWrite=0x4a, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21d0310*, lpNumberOfBytesWritten=0x15ecc8*=0x4a, lpOverlapped=0x0) returned 1 [0220.977] CloseHandle (hObject=0x2cc) returned 1 [0220.981] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.982] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LUnjpDpKTSnQmwR3f6Nd.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LUnjpDpKTSnQmwR3f6Nd.lnk", lpFilePart=0x0) returned 0x54 [0220.982] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0220.982] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LUnjpDpKTSnQmwR3f6Nd.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\lunjpdpktsnqmwr3f6nd.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0220.983] GetFileType (hFile=0x2cc) returned 0x1 [0220.983] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0220.983] GetFileType (hFile=0x2cc) returned 0x1 [0220.983] ReadFile (in: hFile=0x2cc, lpBuffer=0x21d18e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21d18e8*, lpNumberOfBytesRead=0x15edd8*=0x40f, lpOverlapped=0x0) returned 1 [0220.984] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0220.984] WriteFile (in: hFile=0x2cc, lpBuffer=0x21d18e8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21d18e8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0220.984] CloseHandle (hObject=0x2cc) returned 1 [0220.985] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LUnjpDpKTSnQmwR3f6Nd.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LUnjpDpKTSnQmwR3f6Nd.lnk", lpFilePart=0x0) returned 0x54 [0220.986] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LUnjpDpKTSnQmwR3f6Nd.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LUnjpDpKTSnQmwR3f6Nd.lnk.rtcrypted", lpFilePart=0x0) returned 0x5e [0220.986] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0220.986] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LUnjpDpKTSnQmwR3f6Nd.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\lunjpdpktsnqmwr3f6nd.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5207cd12, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x1819c81a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1819c81a, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x40f)) returned 1 [0220.986] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0220.986] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LUnjpDpKTSnQmwR3f6Nd.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\lunjpdpktsnqmwr3f6nd.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LUnjpDpKTSnQmwR3f6Nd.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\lunjpdpktsnqmwr3f6nd.lnk.rtcrypted")) returned 1 [0220.988] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0220.988] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0220.989] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0220.989] GetFileType (hFile=0x2cc) returned 0x1 [0220.989] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0220.989] GetFileType (hFile=0x2cc) returned 0x1 [0220.989] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2678 [0220.990] WriteFile (in: hFile=0x2cc, lpBuffer=0x21d4298*, nNumberOfBytesToWrite=0x55, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21d4298*, lpNumberOfBytesWritten=0x15ecc8*=0x55, lpOverlapped=0x0) returned 1 [0220.990] CloseHandle (hObject=0x2cc) returned 1 [0220.993] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0220.993] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\l_tj4.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\l_tj4.lnk", lpFilePart=0x0) returned 0x45 [0220.994] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.015] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\l_tj4.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\l_tj4.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.016] GetFileType (hFile=0x2cc) returned 0x1 [0221.016] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.016] GetFileType (hFile=0x2cc) returned 0x1 [0221.016] ReadFile (in: hFile=0x2cc, lpBuffer=0x21d5830, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21d5830*, lpNumberOfBytesRead=0x15edd8*=0x425, lpOverlapped=0x0) returned 1 [0221.017] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.017] WriteFile (in: hFile=0x2cc, lpBuffer=0x21d5830*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21d5830*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.017] CloseHandle (hObject=0x2cc) returned 1 [0221.019] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\l_tj4.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\l_tj4.lnk", lpFilePart=0x0) returned 0x45 [0221.019] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\l_tj4.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\l_tj4.lnk.rtcrypted", lpFilePart=0x0) returned 0x4f [0221.019] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.019] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\l_tj4.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\l_tj4.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde983ca6, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x181e765e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x181e765e, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x425)) returned 1 [0221.019] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.019] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\l_tj4.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\l_tj4.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\l_tj4.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\l_tj4.lnk.rtcrypted")) returned 1 [0221.021] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.021] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.022] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.022] GetFileType (hFile=0x2cc) returned 0x1 [0221.022] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.022] GetFileType (hFile=0x2cc) returned 0x1 [0221.024] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x26cd [0221.024] WriteFile (in: hFile=0x2cc, lpBuffer=0x21d8160*, nNumberOfBytesToWrite=0x46, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21d8160*, lpNumberOfBytesWritten=0x15ecc8*=0x46, lpOverlapped=0x0) returned 1 [0221.025] CloseHandle (hObject=0x2cc) returned 1 [0221.027] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.028] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\m62mMrqX1.pptx.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\m62mMrqX1.pptx.lnk", lpFilePart=0x0) returned 0x4e [0221.028] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.029] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\m62mMrqX1.pptx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\m62mmrqx1.pptx.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.029] GetFileType (hFile=0x2cc) returned 0x1 [0221.029] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.029] GetFileType (hFile=0x2cc) returned 0x1 [0221.030] ReadFile (in: hFile=0x2cc, lpBuffer=0x21d9718, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21d9718*, lpNumberOfBytesRead=0x15edd8*=0x3d2, lpOverlapped=0x0) returned 1 [0221.031] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.031] WriteFile (in: hFile=0x2cc, lpBuffer=0x21d9718*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21d9718*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.031] CloseHandle (hObject=0x2cc) returned 1 [0221.035] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\m62mMrqX1.pptx.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\m62mMrqX1.pptx.lnk", lpFilePart=0x0) returned 0x4e [0221.035] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\m62mMrqX1.pptx.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\m62mMrqX1.pptx.lnk.rtcrypted", lpFilePart=0x0) returned 0x58 [0221.035] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.035] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\m62mMrqX1.pptx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\m62mmrqx1.pptx.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d6e5c9, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x1820e6a1, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1820e6a1, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3d2)) returned 1 [0221.035] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.035] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\m62mMrqX1.pptx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\m62mmrqx1.pptx.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\m62mMrqX1.pptx.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\m62mmrqx1.pptx.lnk.rtcrypted")) returned 1 [0221.037] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.037] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.038] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.038] GetFileType (hFile=0x2cc) returned 0x1 [0221.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.038] GetFileType (hFile=0x2cc) returned 0x1 [0221.038] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2713 [0221.039] WriteFile (in: hFile=0x2cc, lpBuffer=0x21dc8b0*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21dc8b0*, lpNumberOfBytesWritten=0x15ecc8*=0x4f, lpOverlapped=0x0) returned 1 [0221.039] CloseHandle (hObject=0x2cc) returned 1 [0221.042] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.042] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MfGYDk9Y.ppt.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MfGYDk9Y.ppt.lnk", lpFilePart=0x0) returned 0x4c [0221.042] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.043] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MfGYDk9Y.ppt.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\mfgydk9y.ppt.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.043] GetFileType (hFile=0x2cc) returned 0x1 [0221.043] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.043] GetFileType (hFile=0x2cc) returned 0x1 [0221.044] ReadFile (in: hFile=0x2cc, lpBuffer=0x21dde68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21dde68*, lpNumberOfBytesRead=0x15edd8*=0x3e2, lpOverlapped=0x0) returned 1 [0221.044] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.044] WriteFile (in: hFile=0x2cc, lpBuffer=0x21dde68*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21dde68*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.044] CloseHandle (hObject=0x2cc) returned 1 [0221.045] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MfGYDk9Y.ppt.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MfGYDk9Y.ppt.lnk", lpFilePart=0x0) returned 0x4c [0221.045] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MfGYDk9Y.ppt.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MfGYDk9Y.ppt.lnk.rtcrypted", lpFilePart=0x0) returned 0x56 [0221.046] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.046] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MfGYDk9Y.ppt.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\mfgydk9y.ppt.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfc985da4, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x18233ac4, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18233ac4, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3e2)) returned 1 [0221.046] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.046] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MfGYDk9Y.ppt.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\mfgydk9y.ppt.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MfGYDk9Y.ppt.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\mfgydk9y.ppt.lnk.rtcrypted")) returned 1 [0221.048] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.048] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.048] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.048] GetFileType (hFile=0x2cc) returned 0x1 [0221.048] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.048] GetFileType (hFile=0x2cc) returned 0x1 [0221.048] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2762 [0221.049] WriteFile (in: hFile=0x2cc, lpBuffer=0x21e07d8*, nNumberOfBytesToWrite=0x4d, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21e07d8*, lpNumberOfBytesWritten=0x15ecc8*=0x4d, lpOverlapped=0x0) returned 1 [0221.049] CloseHandle (hObject=0x2cc) returned 1 [0221.051] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.052] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mL-gKRrD1UEPkt.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mL-gKRrD1UEPkt.lnk", lpFilePart=0x0) returned 0x4e [0221.052] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.052] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mL-gKRrD1UEPkt.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ml-gkrrd1uepkt.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.052] GetFileType (hFile=0x2cc) returned 0x1 [0221.052] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.053] GetFileType (hFile=0x2cc) returned 0x1 [0221.053] ReadFile (in: hFile=0x2cc, lpBuffer=0x21e1d90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21e1d90*, lpNumberOfBytesRead=0x15edd8*=0x3ad, lpOverlapped=0x0) returned 1 [0221.053] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.054] WriteFile (in: hFile=0x2cc, lpBuffer=0x21e1d90*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21e1d90*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.054] CloseHandle (hObject=0x2cc) returned 1 [0221.055] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mL-gKRrD1UEPkt.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mL-gKRrD1UEPkt.lnk", lpFilePart=0x0) returned 0x4e [0221.056] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mL-gKRrD1UEPkt.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mL-gKRrD1UEPkt.lnk.rtcrypted", lpFilePart=0x0) returned 0x58 [0221.056] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.056] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mL-gKRrD1UEPkt.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ml-gkrrd1uepkt.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ef1517, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x18233ac4, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18233ac4, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3ad)) returned 1 [0221.056] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.056] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mL-gKRrD1UEPkt.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ml-gkrrd1uepkt.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mL-gKRrD1UEPkt.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ml-gkrrd1uepkt.lnk.rtcrypted")) returned 1 [0221.071] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.071] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.071] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.071] GetFileType (hFile=0x2cc) returned 0x1 [0221.071] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.071] GetFileType (hFile=0x2cc) returned 0x1 [0221.072] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x27af [0221.073] WriteFile (in: hFile=0x2cc, lpBuffer=0x21e4710*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21e4710*, lpNumberOfBytesWritten=0x15ecc8*=0x4f, lpOverlapped=0x0) returned 1 [0221.073] CloseHandle (hObject=0x2cc) returned 1 [0221.075] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.076] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mLpk6DQaJ9.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mLpk6DQaJ9.lnk", lpFilePart=0x0) returned 0x4a [0221.076] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.076] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mLpk6DQaJ9.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\mlpk6dqaj9.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.077] GetFileType (hFile=0x2cc) returned 0x1 [0221.077] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.077] GetFileType (hFile=0x2cc) returned 0x1 [0221.077] ReadFile (in: hFile=0x2cc, lpBuffer=0x21e5cb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21e5cb8*, lpNumberOfBytesRead=0x15edd8*=0x422, lpOverlapped=0x0) returned 1 [0221.078] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.078] WriteFile (in: hFile=0x2cc, lpBuffer=0x21e5cb8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21e5cb8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.078] CloseHandle (hObject=0x2cc) returned 1 [0221.079] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mLpk6DQaJ9.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mLpk6DQaJ9.lnk", lpFilePart=0x0) returned 0x4a [0221.079] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mLpk6DQaJ9.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mLpk6DQaJ9.lnk.rtcrypted", lpFilePart=0x0) returned 0x54 [0221.080] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.080] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mLpk6DQaJ9.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\mlpk6dqaj9.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4028c8c7, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x1827ff2e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1827ff2e, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x422)) returned 1 [0221.080] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.080] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mLpk6DQaJ9.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\mlpk6dqaj9.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mLpk6DQaJ9.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\mlpk6dqaj9.lnk.rtcrypted")) returned 1 [0221.081] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.082] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.082] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.082] GetFileType (hFile=0x2cc) returned 0x1 [0221.082] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.082] GetFileType (hFile=0x2cc) returned 0x1 [0221.082] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x27fe [0221.083] WriteFile (in: hFile=0x2cc, lpBuffer=0x21e8618*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21e8618*, lpNumberOfBytesWritten=0x15ecc8*=0x4b, lpOverlapped=0x0) returned 1 [0221.083] CloseHandle (hObject=0x2cc) returned 1 [0221.085] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.085] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MOoazXE175u-tWOUa.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MOoazXE175u-tWOUa.lnk", lpFilePart=0x0) returned 0x51 [0221.085] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.086] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MOoazXE175u-tWOUa.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\mooazxe175u-twoua.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.086] GetFileType (hFile=0x2cc) returned 0x1 [0221.086] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.086] GetFileType (hFile=0x2cc) returned 0x1 [0221.087] ReadFile (in: hFile=0x2cc, lpBuffer=0x21e9be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21e9be0*, lpNumberOfBytesRead=0x15edd8*=0x483, lpOverlapped=0x0) returned 1 [0221.089] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.089] WriteFile (in: hFile=0x2cc, lpBuffer=0x21e9be0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21e9be0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.089] CloseHandle (hObject=0x2cc) returned 1 [0221.090] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MOoazXE175u-tWOUa.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MOoazXE175u-tWOUa.lnk", lpFilePart=0x0) returned 0x51 [0221.090] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MOoazXE175u-tWOUa.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MOoazXE175u-tWOUa.lnk.rtcrypted", lpFilePart=0x0) returned 0x5b [0221.090] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.091] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MOoazXE175u-tWOUa.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\mooazxe175u-twoua.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd810f582, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x182a5fb9, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x182a5fb9, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x483)) returned 1 [0221.091] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.091] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MOoazXE175u-tWOUa.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\mooazxe175u-twoua.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MOoazXE175u-tWOUa.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\mooazxe175u-twoua.lnk.rtcrypted")) returned 1 [0221.093] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.093] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.093] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.094] GetFileType (hFile=0x2cc) returned 0x1 [0221.094] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.094] GetFileType (hFile=0x2cc) returned 0x1 [0221.094] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2849 [0221.094] WriteFile (in: hFile=0x2cc, lpBuffer=0x21ec570*, nNumberOfBytesToWrite=0x52, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21ec570*, lpNumberOfBytesWritten=0x15ecc8*=0x52, lpOverlapped=0x0) returned 1 [0221.095] CloseHandle (hObject=0x2cc) returned 1 [0221.097] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.097] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Music.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Music.lnk", lpFilePart=0x0) returned 0x45 [0221.097] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.098] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Music.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\music.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.098] GetFileType (hFile=0x2cc) returned 0x1 [0221.098] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.098] GetFileType (hFile=0x2cc) returned 0x1 [0221.099] ReadFile (in: hFile=0x2cc, lpBuffer=0x21edb08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21edb08*, lpNumberOfBytesRead=0x15edd8*=0x2e9, lpOverlapped=0x0) returned 1 [0221.099] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.099] WriteFile (in: hFile=0x2cc, lpBuffer=0x21edb08*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21edb08*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.099] CloseHandle (hObject=0x2cc) returned 1 [0221.100] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Music.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Music.lnk", lpFilePart=0x0) returned 0x45 [0221.100] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Music.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Music.lnk.rtcrypted", lpFilePart=0x0) returned 0x4f [0221.101] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.101] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Music.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\music.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea3cdd3e, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x182a5fb9, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x182a5fb9, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x2e9)) returned 1 [0221.101] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.101] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Music.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\music.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Music.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\music.lnk.rtcrypted")) returned 1 [0221.103] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.103] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.103] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.125] GetFileType (hFile=0x2cc) returned 0x1 [0221.125] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.125] GetFileType (hFile=0x2cc) returned 0x1 [0221.125] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x289b [0221.126] WriteFile (in: hFile=0x2cc, lpBuffer=0x21f0438*, nNumberOfBytesToWrite=0x46, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21f0438*, lpNumberOfBytesWritten=0x15ecc8*=0x46, lpOverlapped=0x0) returned 1 [0221.126] CloseHandle (hObject=0x2cc) returned 1 [0221.128] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.129] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MV73nxGICe.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MV73nxGICe.lnk", lpFilePart=0x0) returned 0x4a [0221.129] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.129] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MV73nxGICe.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\mv73nxgice.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.129] GetFileType (hFile=0x2cc) returned 0x1 [0221.130] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.130] GetFileType (hFile=0x2cc) returned 0x1 [0221.130] ReadFile (in: hFile=0x2cc, lpBuffer=0x21f19e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21f19e0*, lpNumberOfBytesRead=0x15edd8*=0x3ec, lpOverlapped=0x0) returned 1 [0221.130] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.131] WriteFile (in: hFile=0x2cc, lpBuffer=0x21f19e0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21f19e0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.131] CloseHandle (hObject=0x2cc) returned 1 [0221.132] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MV73nxGICe.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MV73nxGICe.lnk", lpFilePart=0x0) returned 0x4a [0221.132] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MV73nxGICe.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MV73nxGICe.lnk.rtcrypted", lpFilePart=0x0) returned 0x54 [0221.132] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.132] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MV73nxGICe.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\mv73nxgice.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1efa73, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x182f2664, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x182f2664, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3ec)) returned 1 [0221.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.133] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MV73nxGICe.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\mv73nxgice.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MV73nxGICe.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\mv73nxgice.lnk.rtcrypted")) returned 1 [0221.134] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.134] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.136] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.136] GetFileType (hFile=0x2cc) returned 0x1 [0221.136] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.136] GetFileType (hFile=0x2cc) returned 0x1 [0221.136] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x28e1 [0221.137] WriteFile (in: hFile=0x2cc, lpBuffer=0x21f4340*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21f4340*, lpNumberOfBytesWritten=0x15ecc8*=0x4b, lpOverlapped=0x0) returned 1 [0221.137] CloseHandle (hObject=0x2cc) returned 1 [0221.139] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.139] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\N8uzo0.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\N8uzo0.lnk", lpFilePart=0x0) returned 0x46 [0221.139] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.140] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\N8uzo0.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\n8uzo0.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.140] GetFileType (hFile=0x2cc) returned 0x1 [0221.140] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.140] GetFileType (hFile=0x2cc) returned 0x1 [0221.141] ReadFile (in: hFile=0x2cc, lpBuffer=0x21f58d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21f58d8*, lpNumberOfBytesRead=0x15edd8*=0x27b, lpOverlapped=0x0) returned 1 [0221.141] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.141] WriteFile (in: hFile=0x2cc, lpBuffer=0x21f58d8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21f58d8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.142] CloseHandle (hObject=0x2cc) returned 1 [0221.143] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\N8uzo0.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\N8uzo0.lnk", lpFilePart=0x0) returned 0x46 [0221.143] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\N8uzo0.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\N8uzo0.lnk.rtcrypted", lpFilePart=0x0) returned 0x50 [0221.143] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.143] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\N8uzo0.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\n8uzo0.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc297a6b, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x18318a13, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18318a13, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x27b)) returned 1 [0221.143] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.143] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\N8uzo0.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\n8uzo0.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\N8uzo0.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\n8uzo0.lnk.rtcrypted")) returned 1 [0221.147] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.148] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.148] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.148] GetFileType (hFile=0x2cc) returned 0x1 [0221.148] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.148] GetFileType (hFile=0x2cc) returned 0x1 [0221.148] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x292c [0221.149] WriteFile (in: hFile=0x2cc, lpBuffer=0x21f8218*, nNumberOfBytesToWrite=0x47, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21f8218*, lpNumberOfBytesWritten=0x15ecc8*=0x47, lpOverlapped=0x0) returned 1 [0221.149] CloseHandle (hObject=0x2cc) returned 1 [0221.152] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.152] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\novXISG4jJT9ZShRo.ods.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\novXISG4jJT9ZShRo.ods.lnk", lpFilePart=0x0) returned 0x55 [0221.152] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.153] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\novXISG4jJT9ZShRo.ods.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\novxisg4jjt9zshro.ods.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.153] GetFileType (hFile=0x2cc) returned 0x1 [0221.153] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.153] GetFileType (hFile=0x2cc) returned 0x1 [0221.154] ReadFile (in: hFile=0x2cc, lpBuffer=0x21f97f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21f97f0*, lpNumberOfBytesRead=0x15edd8*=0x46c, lpOverlapped=0x0) returned 1 [0221.154] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.154] WriteFile (in: hFile=0x2cc, lpBuffer=0x21f97f0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21f97f0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.155] CloseHandle (hObject=0x2cc) returned 1 [0221.156] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\novXISG4jJT9ZShRo.ods.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\novXISG4jJT9ZShRo.ods.lnk", lpFilePart=0x0) returned 0x55 [0221.156] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\novXISG4jJT9ZShRo.ods.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\novXISG4jJT9ZShRo.ods.lnk.rtcrypted", lpFilePart=0x0) returned 0x5f [0221.157] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.157] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\novXISG4jJT9ZShRo.ods.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\novxisg4jjt9zshro.ods.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0515400, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x1833f100, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1833f100, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x46c)) returned 1 [0221.157] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.157] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\novXISG4jJT9ZShRo.ods.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\novxisg4jjt9zshro.ods.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\novXISG4jJT9ZShRo.ods.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\novxisg4jjt9zshro.ods.lnk.rtcrypted")) returned 1 [0221.159] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.159] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.159] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.159] GetFileType (hFile=0x2cc) returned 0x1 [0221.160] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.160] GetFileType (hFile=0x2cc) returned 0x1 [0221.160] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2973 [0221.160] WriteFile (in: hFile=0x2cc, lpBuffer=0x21fc1a0*, nNumberOfBytesToWrite=0x56, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21fc1a0*, lpNumberOfBytesWritten=0x15ecc8*=0x56, lpOverlapped=0x0) returned 1 [0221.161] CloseHandle (hObject=0x2cc) returned 1 [0221.163] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.163] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oBVXWpqYBK.pptx.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oBVXWpqYBK.pptx.lnk", lpFilePart=0x0) returned 0x4f [0221.163] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.164] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oBVXWpqYBK.pptx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\obvxwpqybk.pptx.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.164] GetFileType (hFile=0x2cc) returned 0x1 [0221.164] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.164] GetFileType (hFile=0x2cc) returned 0x1 [0221.164] ReadFile (in: hFile=0x2cc, lpBuffer=0x21fd758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21fd758*, lpNumberOfBytesRead=0x15edd8*=0x3d7, lpOverlapped=0x0) returned 1 [0221.165] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.165] WriteFile (in: hFile=0x2cc, lpBuffer=0x21fd758*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21fd758*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.165] CloseHandle (hObject=0x2cc) returned 1 [0221.183] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oBVXWpqYBK.pptx.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oBVXWpqYBK.pptx.lnk", lpFilePart=0x0) returned 0x4f [0221.183] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oBVXWpqYBK.pptx.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oBVXWpqYBK.pptx.lnk.rtcrypted", lpFilePart=0x0) returned 0x59 [0221.183] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.183] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oBVXWpqYBK.pptx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\obvxwpqybk.pptx.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe6df57e, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x1833f100, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1833f100, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3d7)) returned 1 [0221.183] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.183] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oBVXWpqYBK.pptx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\obvxwpqybk.pptx.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oBVXWpqYBK.pptx.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\obvxwpqybk.pptx.lnk.rtcrypted")) returned 1 [0221.185] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.185] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.186] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.186] GetFileType (hFile=0x2cc) returned 0x1 [0221.186] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.186] GetFileType (hFile=0x2cc) returned 0x1 [0221.186] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x29c9 [0221.187] WriteFile (in: hFile=0x2cc, lpBuffer=0x22000e0*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22000e0*, lpNumberOfBytesWritten=0x15ecc8*=0x50, lpOverlapped=0x0) returned 1 [0221.187] CloseHandle (hObject=0x2cc) returned 1 [0221.189] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.189] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oByX88izFWIaL4.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oByX88izFWIaL4.lnk", lpFilePart=0x0) returned 0x4e [0221.189] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.190] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oByX88izFWIaL4.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\obyx88izfwial4.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.190] GetFileType (hFile=0x2cc) returned 0x1 [0221.190] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.190] GetFileType (hFile=0x2cc) returned 0x1 [0221.191] ReadFile (in: hFile=0x2cc, lpBuffer=0x2201698, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2201698*, lpNumberOfBytesRead=0x15edd8*=0x43b, lpOverlapped=0x0) returned 1 [0221.191] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.191] WriteFile (in: hFile=0x2cc, lpBuffer=0x2201698*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2201698*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.192] CloseHandle (hObject=0x2cc) returned 1 [0221.193] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oByX88izFWIaL4.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oByX88izFWIaL4.lnk", lpFilePart=0x0) returned 0x4e [0221.193] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oByX88izFWIaL4.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oByX88izFWIaL4.lnk.rtcrypted", lpFilePart=0x0) returned 0x58 [0221.193] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.193] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oByX88izFWIaL4.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\obyx88izfwial4.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec72349d, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x1838ae79, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1838ae79, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x43b)) returned 1 [0221.193] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.193] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oByX88izFWIaL4.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\obyx88izfwial4.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oByX88izFWIaL4.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\obyx88izfwial4.lnk.rtcrypted")) returned 1 [0221.195] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.195] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.196] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.196] GetFileType (hFile=0x2cc) returned 0x1 [0221.196] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.196] GetFileType (hFile=0x2cc) returned 0x1 [0221.196] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2a19 [0221.197] WriteFile (in: hFile=0x2cc, lpBuffer=0x2204018*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2204018*, lpNumberOfBytesWritten=0x15ecc8*=0x4f, lpOverlapped=0x0) returned 1 [0221.198] CloseHandle (hObject=0x2cc) returned 1 [0221.200] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.201] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oGnP UReG2.flv.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oGnP UReG2.flv.lnk", lpFilePart=0x0) returned 0x4e [0221.201] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.201] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oGnP UReG2.flv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ognp ureg2.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.201] GetFileType (hFile=0x2cc) returned 0x1 [0221.201] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.201] GetFileType (hFile=0x2cc) returned 0x1 [0221.202] ReadFile (in: hFile=0x2cc, lpBuffer=0x22055d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22055d0*, lpNumberOfBytesRead=0x15edd8*=0x3bb, lpOverlapped=0x0) returned 1 [0221.202] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.202] WriteFile (in: hFile=0x2cc, lpBuffer=0x22055d0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22055d0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.203] CloseHandle (hObject=0x2cc) returned 1 [0221.204] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oGnP UReG2.flv.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oGnP UReG2.flv.lnk", lpFilePart=0x0) returned 0x4e [0221.204] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oGnP UReG2.flv.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oGnP UReG2.flv.lnk.rtcrypted", lpFilePart=0x0) returned 0x58 [0221.204] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.204] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oGnP UReG2.flv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ognp ureg2.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xff7a75af, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x183b1399, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x183b1399, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3bb)) returned 1 [0221.204] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.205] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oGnP UReG2.flv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ognp ureg2.flv.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oGnP UReG2.flv.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ognp ureg2.flv.lnk.rtcrypted")) returned 1 [0221.206] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.206] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.207] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.207] GetFileType (hFile=0x2cc) returned 0x1 [0221.207] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.207] GetFileType (hFile=0x2cc) returned 0x1 [0221.207] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2a68 [0221.208] WriteFile (in: hFile=0x2cc, lpBuffer=0x2207f50*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2207f50*, lpNumberOfBytesWritten=0x15ecc8*=0x4f, lpOverlapped=0x0) returned 1 [0221.208] CloseHandle (hObject=0x2cc) returned 1 [0221.210] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.210] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ogw4Mz9WHOq.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ogw4Mz9WHOq.lnk", lpFilePart=0x0) returned 0x4b [0221.211] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.211] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ogw4Mz9WHOq.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ogw4mz9whoq.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.211] GetFileType (hFile=0x2cc) returned 0x1 [0221.211] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.211] GetFileType (hFile=0x2cc) returned 0x1 [0221.212] ReadFile (in: hFile=0x2cc, lpBuffer=0x22094f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22094f8*, lpNumberOfBytesRead=0x15edd8*=0x296, lpOverlapped=0x0) returned 1 [0221.212] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.212] WriteFile (in: hFile=0x2cc, lpBuffer=0x22094f8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22094f8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.214] CloseHandle (hObject=0x2cc) returned 1 [0221.215] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ogw4Mz9WHOq.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ogw4Mz9WHOq.lnk", lpFilePart=0x0) returned 0x4b [0221.215] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ogw4Mz9WHOq.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ogw4Mz9WHOq.lnk.rtcrypted", lpFilePart=0x0) returned 0x55 [0221.215] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.215] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ogw4Mz9WHOq.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ogw4mz9whoq.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1b79680, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x183d75a6, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x183b1399, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x296)) returned 1 [0221.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.215] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ogw4Mz9WHOq.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ogw4mz9whoq.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ogw4Mz9WHOq.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ogw4mz9whoq.lnk.rtcrypted")) returned 1 [0221.217] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.217] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.217] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.218] GetFileType (hFile=0x2cc) returned 0x1 [0221.218] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.218] GetFileType (hFile=0x2cc) returned 0x1 [0221.218] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2ab7 [0221.218] WriteFile (in: hFile=0x2cc, lpBuffer=0x220be60*, nNumberOfBytesToWrite=0x4c, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x220be60*, lpNumberOfBytesWritten=0x15ecc8*=0x4c, lpOverlapped=0x0) returned 1 [0221.219] CloseHandle (hObject=0x2cc) returned 1 [0221.221] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.221] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OgZRcboo9 (2).lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OgZRcboo9 (2).lnk", lpFilePart=0x0) returned 0x4d [0221.221] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.221] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OgZRcboo9 (2).lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ogzrcboo9 (2).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.222] GetFileType (hFile=0x2cc) returned 0x1 [0221.222] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.222] GetFileType (hFile=0x2cc) returned 0x1 [0221.222] ReadFile (in: hFile=0x2cc, lpBuffer=0x220d400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x220d400*, lpNumberOfBytesRead=0x15edd8*=0x37b, lpOverlapped=0x0) returned 1 [0221.222] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.223] WriteFile (in: hFile=0x2cc, lpBuffer=0x220d400*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x220d400*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.223] CloseHandle (hObject=0x2cc) returned 1 [0221.224] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OgZRcboo9 (2).lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OgZRcboo9 (2).lnk", lpFilePart=0x0) returned 0x4d [0221.224] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OgZRcboo9 (2).lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OgZRcboo9 (2).lnk.rtcrypted", lpFilePart=0x0) returned 0x57 [0221.224] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.225] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OgZRcboo9 (2).lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ogzrcboo9 (2).lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa5278b1, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x183d75a6, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x183d75a6, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x37b)) returned 1 [0221.225] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.225] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OgZRcboo9 (2).lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ogzrcboo9 (2).lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OgZRcboo9 (2).lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ogzrcboo9 (2).lnk.rtcrypted")) returned 1 [0221.226] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.226] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.227] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.227] GetFileType (hFile=0x2cc) returned 0x1 [0221.227] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.227] GetFileType (hFile=0x2cc) returned 0x1 [0221.227] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2b03 [0221.228] WriteFile (in: hFile=0x2cc, lpBuffer=0x220fd88*, nNumberOfBytesToWrite=0x4e, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x220fd88*, lpNumberOfBytesWritten=0x15ecc8*=0x4e, lpOverlapped=0x0) returned 1 [0221.228] CloseHandle (hObject=0x2cc) returned 1 [0221.280] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.281] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OgZRcboo9.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OgZRcboo9.lnk", lpFilePart=0x0) returned 0x49 [0221.281] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.281] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OgZRcboo9.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ogzrcboo9.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.282] GetFileType (hFile=0x2cc) returned 0x1 [0221.282] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.282] GetFileType (hFile=0x2cc) returned 0x1 [0221.282] ReadFile (in: hFile=0x2cc, lpBuffer=0x2242a10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2242a10*, lpNumberOfBytesRead=0x15edd8*=0x37b, lpOverlapped=0x0) returned 1 [0221.282] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.283] WriteFile (in: hFile=0x2cc, lpBuffer=0x2242a10*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2242a10*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.283] CloseHandle (hObject=0x2cc) returned 1 [0221.284] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OgZRcboo9.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OgZRcboo9.lnk", lpFilePart=0x0) returned 0x49 [0221.284] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OgZRcboo9.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OgZRcboo9.lnk.rtcrypted", lpFilePart=0x0) returned 0x53 [0221.284] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.285] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OgZRcboo9.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ogzrcboo9.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5200a599, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x1846fc4d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1846fc4d, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x37b)) returned 1 [0221.286] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.286] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OgZRcboo9.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ogzrcboo9.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OgZRcboo9.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ogzrcboo9.lnk.rtcrypted")) returned 1 [0221.288] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.288] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.288] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.289] GetFileType (hFile=0x2cc) returned 0x1 [0221.289] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.289] GetFileType (hFile=0x2cc) returned 0x1 [0221.289] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2b51 [0221.290] WriteFile (in: hFile=0x2cc, lpBuffer=0x2245360*, nNumberOfBytesToWrite=0x4a, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2245360*, lpNumberOfBytesWritten=0x15ecc8*=0x4a, lpOverlapped=0x0) returned 1 [0221.290] CloseHandle (hObject=0x2cc) returned 1 [0221.293] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.294] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ouGe8u.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ouGe8u.lnk", lpFilePart=0x0) returned 0x46 [0221.294] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.294] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ouGe8u.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ouge8u.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.295] GetFileType (hFile=0x2cc) returned 0x1 [0221.295] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.295] GetFileType (hFile=0x2cc) returned 0x1 [0221.295] ReadFile (in: hFile=0x2cc, lpBuffer=0x22468f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22468f8*, lpNumberOfBytesRead=0x15edd8*=0x517, lpOverlapped=0x0) returned 1 [0221.295] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.295] WriteFile (in: hFile=0x2cc, lpBuffer=0x22468f8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22468f8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.296] CloseHandle (hObject=0x2cc) returned 1 [0221.297] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ouGe8u.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ouGe8u.lnk", lpFilePart=0x0) returned 0x46 [0221.297] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ouGe8u.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ouGe8u.lnk.rtcrypted", lpFilePart=0x0) returned 0x50 [0221.297] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.297] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ouGe8u.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ouge8u.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdfb4a85c, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x18496e90, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18496e90, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x517)) returned 1 [0221.297] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.297] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ouGe8u.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ouge8u.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ouGe8u.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ouge8u.lnk.rtcrypted")) returned 1 [0221.299] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.299] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.300] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.300] GetFileType (hFile=0x2cc) returned 0x1 [0221.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.300] GetFileType (hFile=0x2cc) returned 0x1 [0221.300] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2b9b [0221.301] WriteFile (in: hFile=0x2cc, lpBuffer=0x2249238*, nNumberOfBytesToWrite=0x47, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2249238*, lpNumberOfBytesWritten=0x15ecc8*=0x47, lpOverlapped=0x0) returned 1 [0221.301] CloseHandle (hObject=0x2cc) returned 1 [0221.303] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.304] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OvLGXdJo_8CMQ.doc.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OvLGXdJo_8CMQ.doc.lnk", lpFilePart=0x0) returned 0x51 [0221.304] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.304] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OvLGXdJo_8CMQ.doc.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ovlgxdjo_8cmq.doc.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.305] GetFileType (hFile=0x2cc) returned 0x1 [0221.305] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.305] GetFileType (hFile=0x2cc) returned 0x1 [0221.305] ReadFile (in: hFile=0x2cc, lpBuffer=0x224a800, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x224a800*, lpNumberOfBytesRead=0x15edd8*=0x3fb, lpOverlapped=0x0) returned 1 [0221.305] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.306] WriteFile (in: hFile=0x2cc, lpBuffer=0x224a800*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x224a800*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.306] CloseHandle (hObject=0x2cc) returned 1 [0221.308] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OvLGXdJo_8CMQ.doc.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OvLGXdJo_8CMQ.doc.lnk", lpFilePart=0x0) returned 0x51 [0221.308] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OvLGXdJo_8CMQ.doc.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OvLGXdJo_8CMQ.doc.lnk.rtcrypted", lpFilePart=0x0) returned 0x5b [0221.309] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.309] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OvLGXdJo_8CMQ.doc.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ovlgxdjo_8cmq.doc.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x34a0b53, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x184bc2e0, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18496e90, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3fb)) returned 1 [0221.309] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.309] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OvLGXdJo_8CMQ.doc.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ovlgxdjo_8cmq.doc.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OvLGXdJo_8CMQ.doc.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ovlgxdjo_8cmq.doc.lnk.rtcrypted")) returned 1 [0221.311] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.311] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.311] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.311] GetFileType (hFile=0x2cc) returned 0x1 [0221.312] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.312] GetFileType (hFile=0x2cc) returned 0x1 [0221.312] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2be2 [0221.312] WriteFile (in: hFile=0x2cc, lpBuffer=0x224d190*, nNumberOfBytesToWrite=0x52, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x224d190*, lpNumberOfBytesWritten=0x15ecc8*=0x52, lpOverlapped=0x0) returned 1 [0221.313] CloseHandle (hObject=0x2cc) returned 1 [0221.315] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.316] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P Qbc4C6_8tW2SWaqVE.xlsx.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P Qbc4C6_8tW2SWaqVE.xlsx.lnk", lpFilePart=0x0) returned 0x58 [0221.316] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.316] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P Qbc4C6_8tW2SWaqVE.xlsx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\p qbc4c6_8tw2swaqve.xlsx.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.317] GetFileType (hFile=0x2cc) returned 0x1 [0221.317] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.317] GetFileType (hFile=0x2cc) returned 0x1 [0221.317] ReadFile (in: hFile=0x2cc, lpBuffer=0x224e778, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x224e778*, lpNumberOfBytesRead=0x15edd8*=0x404, lpOverlapped=0x0) returned 1 [0221.317] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.318] WriteFile (in: hFile=0x2cc, lpBuffer=0x224e778*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x224e778*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.318] CloseHandle (hObject=0x2cc) returned 1 [0221.319] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P Qbc4C6_8tW2SWaqVE.xlsx.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P Qbc4C6_8tW2SWaqVE.xlsx.lnk", lpFilePart=0x0) returned 0x58 [0221.319] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P Qbc4C6_8tW2SWaqVE.xlsx.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P Qbc4C6_8tW2SWaqVE.xlsx.lnk.rtcrypted", lpFilePart=0x0) returned 0x62 [0221.319] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.319] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P Qbc4C6_8tW2SWaqVE.xlsx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\p qbc4c6_8tw2swaqve.xlsx.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe12aec0c, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x184bc2e0, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x184bc2e0, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x404)) returned 1 [0221.319] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.320] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P Qbc4C6_8tW2SWaqVE.xlsx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\p qbc4c6_8tw2swaqve.xlsx.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P Qbc4C6_8tW2SWaqVE.xlsx.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\p qbc4c6_8tw2swaqve.xlsx.lnk.rtcrypted")) returned 1 [0221.321] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.321] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.322] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.396] GetFileType (hFile=0x2cc) returned 0x1 [0221.397] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.397] GetFileType (hFile=0x2cc) returned 0x1 [0221.397] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2c34 [0221.397] WriteFile (in: hFile=0x2cc, lpBuffer=0x225ebf0*, nNumberOfBytesToWrite=0x59, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x225ebf0*, lpNumberOfBytesWritten=0x15ecc8*=0x59, lpOverlapped=0x0) returned 1 [0221.398] CloseHandle (hObject=0x2cc) returned 1 [0221.400] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.401] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P4nhTG-oMiEDYv2EH.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P4nhTG-oMiEDYv2EH.lnk", lpFilePart=0x0) returned 0x51 [0221.401] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.402] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P4nhTG-oMiEDYv2EH.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\p4nhtg-omiedyv2eh.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.402] GetFileType (hFile=0x2cc) returned 0x1 [0221.402] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.402] GetFileType (hFile=0x2cc) returned 0x1 [0221.402] ReadFile (in: hFile=0x2cc, lpBuffer=0x22601b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22601b8*, lpNumberOfBytesRead=0x15edd8*=0x40f, lpOverlapped=0x0) returned 1 [0221.403] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.403] WriteFile (in: hFile=0x2cc, lpBuffer=0x22601b8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22601b8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.403] CloseHandle (hObject=0x2cc) returned 1 [0221.404] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P4nhTG-oMiEDYv2EH.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P4nhTG-oMiEDYv2EH.lnk", lpFilePart=0x0) returned 0x51 [0221.404] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P4nhTG-oMiEDYv2EH.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P4nhTG-oMiEDYv2EH.lnk.rtcrypted", lpFilePart=0x0) returned 0x5b [0221.404] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.405] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P4nhTG-oMiEDYv2EH.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\p4nhtg-omiedyv2eh.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c394c0, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x185a1306, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x185a1306, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x40f)) returned 1 [0221.405] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.405] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P4nhTG-oMiEDYv2EH.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\p4nhtg-omiedyv2eh.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P4nhTG-oMiEDYv2EH.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\p4nhtg-omiedyv2eh.lnk.rtcrypted")) returned 1 [0221.407] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.407] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.407] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.407] GetFileType (hFile=0x2cc) returned 0x1 [0221.407] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.407] GetFileType (hFile=0x2cc) returned 0x1 [0221.407] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2c8d [0221.408] WriteFile (in: hFile=0x2cc, lpBuffer=0x2262b48*, nNumberOfBytesToWrite=0x52, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2262b48*, lpNumberOfBytesWritten=0x15ecc8*=0x52, lpOverlapped=0x0) returned 1 [0221.408] CloseHandle (hObject=0x2cc) returned 1 [0221.410] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.410] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Pictures.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Pictures.lnk", lpFilePart=0x0) returned 0x48 [0221.410] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.411] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Pictures.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\pictures.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.411] GetFileType (hFile=0x2cc) returned 0x1 [0221.411] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.411] GetFileType (hFile=0x2cc) returned 0x1 [0221.411] ReadFile (in: hFile=0x2cc, lpBuffer=0x22640f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22640f0*, lpNumberOfBytesRead=0x15edd8*=0x2fc, lpOverlapped=0x0) returned 1 [0221.412] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.412] WriteFile (in: hFile=0x2cc, lpBuffer=0x22640f0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22640f0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.412] CloseHandle (hObject=0x2cc) returned 1 [0221.413] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Pictures.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Pictures.lnk", lpFilePart=0x0) returned 0x48 [0221.413] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Pictures.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Pictures.lnk.rtcrypted", lpFilePart=0x0) returned 0x52 [0221.413] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.413] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Pictures.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\pictures.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd9920e1, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x185a1306, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x185a1306, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x2fc)) returned 1 [0221.414] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.414] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Pictures.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\pictures.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Pictures.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\pictures.lnk.rtcrypted")) returned 1 [0221.415] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.415] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.416] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.417] GetFileType (hFile=0x2cc) returned 0x1 [0221.417] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.417] GetFileType (hFile=0x2cc) returned 0x1 [0221.417] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2cdf [0221.417] WriteFile (in: hFile=0x2cc, lpBuffer=0x2266a40*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2266a40*, lpNumberOfBytesWritten=0x15ecc8*=0x49, lpOverlapped=0x0) returned 1 [0221.418] CloseHandle (hObject=0x2cc) returned 1 [0221.419] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.420] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PqsS9Gq RHGz.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PqsS9Gq RHGz.lnk", lpFilePart=0x0) returned 0x4c [0221.420] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.420] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PqsS9Gq RHGz.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\pqss9gq rhgz.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.420] GetFileType (hFile=0x2cc) returned 0x1 [0221.420] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.420] GetFileType (hFile=0x2cc) returned 0x1 [0221.421] ReadFile (in: hFile=0x2cc, lpBuffer=0x2267ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2267ff8*, lpNumberOfBytesRead=0x15edd8*=0x3d5, lpOverlapped=0x0) returned 1 [0221.421] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.421] WriteFile (in: hFile=0x2cc, lpBuffer=0x2267ff8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2267ff8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.422] CloseHandle (hObject=0x2cc) returned 1 [0221.423] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PqsS9Gq RHGz.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PqsS9Gq RHGz.lnk", lpFilePart=0x0) returned 0x4c [0221.423] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PqsS9Gq RHGz.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PqsS9Gq RHGz.lnk.rtcrypted", lpFilePart=0x0) returned 0x56 [0221.423] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.423] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PqsS9Gq RHGz.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\pqss9gq rhgz.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x509ded3, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x185c74e6, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x185c74e6, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3d5)) returned 1 [0221.423] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.423] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PqsS9Gq RHGz.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\pqss9gq rhgz.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PqsS9Gq RHGz.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\pqss9gq rhgz.lnk.rtcrypted")) returned 1 [0221.425] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.425] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.425] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.426] GetFileType (hFile=0x2cc) returned 0x1 [0221.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.426] GetFileType (hFile=0x2cc) returned 0x1 [0221.426] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2d28 [0221.427] WriteFile (in: hFile=0x2cc, lpBuffer=0x226a968*, nNumberOfBytesToWrite=0x4d, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x226a968*, lpNumberOfBytesWritten=0x15ecc8*=0x4d, lpOverlapped=0x0) returned 1 [0221.427] CloseHandle (hObject=0x2cc) returned 1 [0221.429] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.429] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\prv-43xC-PpR5k.ppt.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\prv-43xC-PpR5k.ppt.lnk", lpFilePart=0x0) returned 0x52 [0221.429] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.430] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\prv-43xC-PpR5k.ppt.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\prv-43xc-ppr5k.ppt.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.430] GetFileType (hFile=0x2cc) returned 0x1 [0221.430] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.430] GetFileType (hFile=0x2cc) returned 0x1 [0221.431] ReadFile (in: hFile=0x2cc, lpBuffer=0x226bf30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x226bf30*, lpNumberOfBytesRead=0x15edd8*=0x313, lpOverlapped=0x0) returned 1 [0221.431] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.431] WriteFile (in: hFile=0x2cc, lpBuffer=0x226bf30*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x226bf30*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.431] CloseHandle (hObject=0x2cc) returned 1 [0221.457] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\prv-43xC-PpR5k.ppt.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\prv-43xC-PpR5k.ppt.lnk", lpFilePart=0x0) returned 0x52 [0221.457] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\prv-43xC-PpR5k.ppt.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\prv-43xC-PpR5k.ppt.lnk.rtcrypted", lpFilePart=0x0) returned 0x5c [0221.457] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.457] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\prv-43xC-PpR5k.ppt.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\prv-43xc-ppr5k.ppt.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa9afa40, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x1861384d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x185c74e6, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x313)) returned 1 [0221.457] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.457] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\prv-43xC-PpR5k.ppt.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\prv-43xc-ppr5k.ppt.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\prv-43xC-PpR5k.ppt.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\prv-43xc-ppr5k.ppt.lnk.rtcrypted")) returned 1 [0221.460] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.460] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.460] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.461] GetFileType (hFile=0x2cc) returned 0x1 [0221.461] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.461] GetFileType (hFile=0x2cc) returned 0x1 [0221.461] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2d75 [0221.462] WriteFile (in: hFile=0x2cc, lpBuffer=0x226fb68*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x226fb68*, lpNumberOfBytesWritten=0x15ecc8*=0x53, lpOverlapped=0x0) returned 1 [0221.462] CloseHandle (hObject=0x2cc) returned 1 [0221.465] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.465] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\pUTUVKAK.xlsx.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\pUTUVKAK.xlsx.lnk", lpFilePart=0x0) returned 0x4d [0221.466] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.466] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\pUTUVKAK.xlsx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\putuvkak.xlsx.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.466] GetFileType (hFile=0x2cc) returned 0x1 [0221.467] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.467] GetFileType (hFile=0x2cc) returned 0x1 [0221.467] ReadFile (in: hFile=0x2cc, lpBuffer=0x2271108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2271108*, lpNumberOfBytesRead=0x15edd8*=0x45b, lpOverlapped=0x0) returned 1 [0221.467] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.467] WriteFile (in: hFile=0x2cc, lpBuffer=0x2271108*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2271108*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.468] CloseHandle (hObject=0x2cc) returned 1 [0221.469] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\pUTUVKAK.xlsx.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\pUTUVKAK.xlsx.lnk", lpFilePart=0x0) returned 0x4d [0221.469] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\pUTUVKAK.xlsx.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\pUTUVKAK.xlsx.lnk.rtcrypted", lpFilePart=0x0) returned 0x57 [0221.469] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.469] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\pUTUVKAK.xlsx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\putuvkak.xlsx.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe508d790, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x1863aa91, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1863aa91, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x45b)) returned 1 [0221.469] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.469] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\pUTUVKAK.xlsx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\putuvkak.xlsx.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\pUTUVKAK.xlsx.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\putuvkak.xlsx.lnk.rtcrypted")) returned 1 [0221.471] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.471] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.472] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.472] GetFileType (hFile=0x2cc) returned 0x1 [0221.472] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.472] GetFileType (hFile=0x2cc) returned 0x1 [0221.472] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2dc8 [0221.473] WriteFile (in: hFile=0x2cc, lpBuffer=0x2273a90*, nNumberOfBytesToWrite=0x4e, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2273a90*, lpNumberOfBytesWritten=0x15ecc8*=0x4e, lpOverlapped=0x0) returned 1 [0221.473] CloseHandle (hObject=0x2cc) returned 1 [0221.476] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.476] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\QCPL9rrlRNtbF01 0.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\QCPL9rrlRNtbF01 0.lnk", lpFilePart=0x0) returned 0x51 [0221.476] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.477] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\QCPL9rrlRNtbF01 0.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\qcpl9rrlrntbf01 0.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.477] GetFileType (hFile=0x2cc) returned 0x1 [0221.477] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.477] GetFileType (hFile=0x2cc) returned 0x1 [0221.477] ReadFile (in: hFile=0x2cc, lpBuffer=0x2275040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2275040*, lpNumberOfBytesRead=0x15edd8*=0x4bb, lpOverlapped=0x0) returned 1 [0221.478] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.478] WriteFile (in: hFile=0x2cc, lpBuffer=0x2275040*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2275040*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.478] CloseHandle (hObject=0x2cc) returned 1 [0221.480] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\QCPL9rrlRNtbF01 0.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\QCPL9rrlRNtbF01 0.lnk", lpFilePart=0x0) returned 0x51 [0221.480] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\QCPL9rrlRNtbF01 0.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\QCPL9rrlRNtbF01 0.lnk.rtcrypted", lpFilePart=0x0) returned 0x5b [0221.480] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.480] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\QCPL9rrlRNtbF01 0.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\qcpl9rrlrntbf01 0.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe0e9291, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x1865fe6d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1863aa91, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x4bb)) returned 1 [0221.480] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.480] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\QCPL9rrlRNtbF01 0.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\qcpl9rrlrntbf01 0.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\QCPL9rrlRNtbF01 0.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\qcpl9rrlrntbf01 0.lnk.rtcrypted")) returned 1 [0221.482] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.483] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.483] GetFileType (hFile=0x2cc) returned 0x1 [0221.483] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.483] GetFileType (hFile=0x2cc) returned 0x1 [0221.483] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2e16 [0221.484] WriteFile (in: hFile=0x2cc, lpBuffer=0x22779e8*, nNumberOfBytesToWrite=0x52, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22779e8*, lpNumberOfBytesWritten=0x15ecc8*=0x52, lpOverlapped=0x0) returned 1 [0221.484] CloseHandle (hObject=0x2cc) returned 1 [0221.486] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.486] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qs6pMlaa5Rs-Y.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qs6pMlaa5Rs-Y.lnk", lpFilePart=0x0) returned 0x4d [0221.487] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.487] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qs6pMlaa5Rs-Y.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\qs6pmlaa5rs-y.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.487] GetFileType (hFile=0x2cc) returned 0x1 [0221.487] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.487] GetFileType (hFile=0x2cc) returned 0x1 [0221.488] ReadFile (in: hFile=0x2cc, lpBuffer=0x2278f88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2278f88*, lpNumberOfBytesRead=0x15edd8*=0x53c, lpOverlapped=0x0) returned 1 [0221.488] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.488] WriteFile (in: hFile=0x2cc, lpBuffer=0x2278f88*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2278f88*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.488] CloseHandle (hObject=0x2cc) returned 1 [0221.489] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qs6pMlaa5Rs-Y.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qs6pMlaa5Rs-Y.lnk", lpFilePart=0x0) returned 0x4d [0221.489] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qs6pMlaa5Rs-Y.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qs6pMlaa5Rs-Y.lnk.rtcrypted", lpFilePart=0x0) returned 0x57 [0221.489] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.490] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qs6pMlaa5Rs-Y.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\qs6pmlaa5rs-y.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf6ed061, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x1865fe6d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1865fe6d, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x53c)) returned 1 [0221.490] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.490] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qs6pMlaa5Rs-Y.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\qs6pmlaa5rs-y.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qs6pMlaa5Rs-Y.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\qs6pmlaa5rs-y.lnk.rtcrypted")) returned 1 [0221.492] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.492] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.492] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.492] GetFileType (hFile=0x2cc) returned 0x1 [0221.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.493] GetFileType (hFile=0x2cc) returned 0x1 [0221.493] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2e68 [0221.494] WriteFile (in: hFile=0x2cc, lpBuffer=0x227b910*, nNumberOfBytesToWrite=0x4e, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x227b910*, lpNumberOfBytesWritten=0x15ecc8*=0x4e, lpOverlapped=0x0) returned 1 [0221.501] CloseHandle (hObject=0x2cc) returned 1 [0221.503] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.503] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\q_HhEd.pptx.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\q_HhEd.pptx.lnk", lpFilePart=0x0) returned 0x4b [0221.503] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.504] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\q_HhEd.pptx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\q_hhed.pptx.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.504] GetFileType (hFile=0x2cc) returned 0x1 [0221.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.504] GetFileType (hFile=0x2cc) returned 0x1 [0221.504] ReadFile (in: hFile=0x2cc, lpBuffer=0x227cea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x227cea0*, lpNumberOfBytesRead=0x15edd8*=0x3c3, lpOverlapped=0x0) returned 1 [0221.505] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.505] WriteFile (in: hFile=0x2cc, lpBuffer=0x227cea0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x227cea0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.505] CloseHandle (hObject=0x2cc) returned 1 [0221.506] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\q_HhEd.pptx.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\q_HhEd.pptx.lnk", lpFilePart=0x0) returned 0x4b [0221.506] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\q_HhEd.pptx.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\q_HhEd.pptx.lnk.rtcrypted", lpFilePart=0x0) returned 0x55 [0221.506] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.507] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\q_HhEd.pptx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\q_hhed.pptx.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x185080a, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x18685e57, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18685e57, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3c3)) returned 1 [0221.507] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.507] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\q_HhEd.pptx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\q_hhed.pptx.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\q_HhEd.pptx.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\q_hhed.pptx.lnk.rtcrypted")) returned 1 [0221.508] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.509] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.509] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.509] GetFileType (hFile=0x2cc) returned 0x1 [0221.509] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.509] GetFileType (hFile=0x2cc) returned 0x1 [0221.511] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2eb6 [0221.511] WriteFile (in: hFile=0x2cc, lpBuffer=0x227f820*, nNumberOfBytesToWrite=0x4c, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x227f820*, lpNumberOfBytesWritten=0x15ecc8*=0x4c, lpOverlapped=0x0) returned 1 [0221.512] CloseHandle (hObject=0x2cc) returned 1 [0221.514] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.514] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rFTl6BSzg_.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rFTl6BSzg_.lnk", lpFilePart=0x0) returned 0x4a [0221.514] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.515] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rFTl6BSzg_.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\rftl6bszg_.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.515] GetFileType (hFile=0x2cc) returned 0x1 [0221.515] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.515] GetFileType (hFile=0x2cc) returned 0x1 [0221.516] ReadFile (in: hFile=0x2cc, lpBuffer=0x2280db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2280db0*, lpNumberOfBytesRead=0x15edd8*=0x37b, lpOverlapped=0x0) returned 1 [0221.516] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.516] WriteFile (in: hFile=0x2cc, lpBuffer=0x2280db0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2280db0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.517] CloseHandle (hObject=0x2cc) returned 1 [0221.518] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rFTl6BSzg_.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rFTl6BSzg_.lnk", lpFilePart=0x0) returned 0x4a [0221.518] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rFTl6BSzg_.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rFTl6BSzg_.lnk.rtcrypted", lpFilePart=0x0) returned 0x54 [0221.518] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.518] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rFTl6BSzg_.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\rftl6bszg_.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4cade387, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x186ac506, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x186ac506, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x37b)) returned 1 [0221.518] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.519] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rFTl6BSzg_.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\rftl6bszg_.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rFTl6BSzg_.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\rftl6bszg_.lnk.rtcrypted")) returned 1 [0221.520] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.520] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.521] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.521] GetFileType (hFile=0x2cc) returned 0x1 [0221.521] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.521] GetFileType (hFile=0x2cc) returned 0x1 [0221.521] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2f02 [0221.522] WriteFile (in: hFile=0x2cc, lpBuffer=0x2283728*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2283728*, lpNumberOfBytesWritten=0x15ecc8*=0x4b, lpOverlapped=0x0) returned 1 [0221.523] CloseHandle (hObject=0x2cc) returned 1 [0221.525] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.525] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming (2).lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming (2).lnk", lpFilePart=0x0) returned 0x4b [0221.526] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.526] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming (2).lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\roaming (2).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.527] GetFileType (hFile=0x2cc) returned 0x1 [0221.527] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.527] GetFileType (hFile=0x2cc) returned 0x1 [0221.527] ReadFile (in: hFile=0x2cc, lpBuffer=0x2284cb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2284cb8*, lpNumberOfBytesRead=0x15edd8*=0x30f, lpOverlapped=0x0) returned 1 [0221.527] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.527] WriteFile (in: hFile=0x2cc, lpBuffer=0x2284cb8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2284cb8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.528] CloseHandle (hObject=0x2cc) returned 1 [0221.529] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming (2).lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming (2).lnk", lpFilePart=0x0) returned 0x4b [0221.529] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming (2).lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming (2).lnk.rtcrypted", lpFilePart=0x0) returned 0x55 [0221.529] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.530] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming (2).lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\roaming (2).lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e9b67b8, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x186d2380, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x186d2380, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x30f)) returned 1 [0221.530] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.530] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming (2).lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\roaming (2).lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming (2).lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\roaming (2).lnk.rtcrypted")) returned 1 [0221.546] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.546] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.547] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.547] GetFileType (hFile=0x2cc) returned 0x1 [0221.547] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.547] GetFileType (hFile=0x2cc) returned 0x1 [0221.548] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2f4d [0221.548] WriteFile (in: hFile=0x2cc, lpBuffer=0x2287638*, nNumberOfBytesToWrite=0x4c, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2287638*, lpNumberOfBytesWritten=0x15ecc8*=0x4c, lpOverlapped=0x0) returned 1 [0221.549] CloseHandle (hObject=0x2cc) returned 1 [0221.551] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.551] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk", lpFilePart=0x0) returned 0x47 [0221.551] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.552] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\roaming.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.552] GetFileType (hFile=0x2cc) returned 0x1 [0221.552] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.552] GetFileType (hFile=0x2cc) returned 0x1 [0221.553] ReadFile (in: hFile=0x2cc, lpBuffer=0x2288bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2288bb8*, lpNumberOfBytesRead=0x15edd8*=0x30f, lpOverlapped=0x0) returned 1 [0221.553] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.553] WriteFile (in: hFile=0x2cc, lpBuffer=0x2288bb8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2288bb8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.554] CloseHandle (hObject=0x2cc) returned 1 [0221.555] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk", lpFilePart=0x0) returned 0x47 [0221.555] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk.rtcrypted", lpFilePart=0x0) returned 0x51 [0221.555] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.555] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\roaming.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3df43cc3, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x186f8775, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x186f8775, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x30f)) returned 1 [0221.555] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.556] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\roaming.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\roaming.lnk.rtcrypted")) returned 1 [0221.558] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.559] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.559] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.559] GetFileType (hFile=0x2cc) returned 0x1 [0221.559] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.559] GetFileType (hFile=0x2cc) returned 0x1 [0221.560] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2f99 [0221.561] WriteFile (in: hFile=0x2cc, lpBuffer=0x228b518*, nNumberOfBytesToWrite=0x48, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x228b518*, lpNumberOfBytesWritten=0x15ecc8*=0x48, lpOverlapped=0x0) returned 1 [0221.561] CloseHandle (hObject=0x2cc) returned 1 [0221.563] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.563] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rSXGxtmLV1.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rSXGxtmLV1.lnk", lpFilePart=0x0) returned 0x4a [0221.564] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.564] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rSXGxtmLV1.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\rsxgxtmlv1.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.564] GetFileType (hFile=0x2cc) returned 0x1 [0221.564] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.565] GetFileType (hFile=0x2cc) returned 0x1 [0221.565] ReadFile (in: hFile=0x2cc, lpBuffer=0x228caa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x228caa8*, lpNumberOfBytesRead=0x15edd8*=0x291, lpOverlapped=0x0) returned 1 [0221.565] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.565] WriteFile (in: hFile=0x2cc, lpBuffer=0x228caa8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x228caa8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.566] CloseHandle (hObject=0x2cc) returned 1 [0221.567] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rSXGxtmLV1.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rSXGxtmLV1.lnk", lpFilePart=0x0) returned 0x4a [0221.567] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rSXGxtmLV1.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rSXGxtmLV1.lnk.rtcrypted", lpFilePart=0x0) returned 0x54 [0221.567] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.567] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rSXGxtmLV1.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\rsxgxtmlv1.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbef1346, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x1871e959, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1871e959, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x291)) returned 1 [0221.567] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.567] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rSXGxtmLV1.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\rsxgxtmlv1.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rSXGxtmLV1.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\rsxgxtmlv1.lnk.rtcrypted")) returned 1 [0221.569] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.569] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.570] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.570] GetFileType (hFile=0x2cc) returned 0x1 [0221.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.570] GetFileType (hFile=0x2cc) returned 0x1 [0221.570] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x2fe1 [0221.571] WriteFile (in: hFile=0x2cc, lpBuffer=0x228f408*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x228f408*, lpNumberOfBytesWritten=0x15ecc8*=0x4b, lpOverlapped=0x0) returned 1 [0221.571] CloseHandle (hObject=0x2cc) returned 1 [0221.574] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.574] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s3mDZhojg.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s3mDZhojg.lnk", lpFilePart=0x0) returned 0x49 [0221.574] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.575] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s3mDZhojg.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\s3mdzhojg.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.575] GetFileType (hFile=0x2cc) returned 0x1 [0221.575] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.575] GetFileType (hFile=0x2cc) returned 0x1 [0221.575] ReadFile (in: hFile=0x2cc, lpBuffer=0x22909b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22909b0*, lpNumberOfBytesRead=0x15edd8*=0x28c, lpOverlapped=0x0) returned 1 [0221.576] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.576] WriteFile (in: hFile=0x2cc, lpBuffer=0x22909b0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22909b0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.576] CloseHandle (hObject=0x2cc) returned 1 [0221.577] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s3mDZhojg.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s3mDZhojg.lnk", lpFilePart=0x0) returned 0x49 [0221.577] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s3mDZhojg.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s3mDZhojg.lnk.rtcrypted", lpFilePart=0x0) returned 0x53 [0221.577] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.578] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s3mDZhojg.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\s3mdzhojg.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb96938a, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x18744f72, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18744f72, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x28c)) returned 1 [0221.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.578] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s3mDZhojg.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\s3mdzhojg.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s3mDZhojg.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\s3mdzhojg.lnk.rtcrypted")) returned 1 [0221.579] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.579] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.580] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.580] GetFileType (hFile=0x2cc) returned 0x1 [0221.580] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.580] GetFileType (hFile=0x2cc) returned 0x1 [0221.581] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x302c [0221.581] WriteFile (in: hFile=0x2cc, lpBuffer=0x2293300*, nNumberOfBytesToWrite=0x4a, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2293300*, lpNumberOfBytesWritten=0x15ecc8*=0x4a, lpOverlapped=0x0) returned 1 [0221.581] CloseHandle (hObject=0x2cc) returned 1 [0221.583] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.584] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s6LOWfDyf84Fy2ur3.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s6LOWfDyf84Fy2ur3.lnk", lpFilePart=0x0) returned 0x51 [0221.584] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.585] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s6LOWfDyf84Fy2ur3.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\s6lowfdyf84fy2ur3.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.585] GetFileType (hFile=0x2cc) returned 0x1 [0221.585] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.585] GetFileType (hFile=0x2cc) returned 0x1 [0221.585] ReadFile (in: hFile=0x2cc, lpBuffer=0x22948c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22948c8*, lpNumberOfBytesRead=0x15edd8*=0x4bb, lpOverlapped=0x0) returned 1 [0221.586] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.586] WriteFile (in: hFile=0x2cc, lpBuffer=0x22948c8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22948c8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.586] CloseHandle (hObject=0x2cc) returned 1 [0221.608] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s6LOWfDyf84Fy2ur3.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s6LOWfDyf84Fy2ur3.lnk", lpFilePart=0x0) returned 0x51 [0221.608] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s6LOWfDyf84Fy2ur3.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s6LOWfDyf84Fy2ur3.lnk.rtcrypted", lpFilePart=0x0) returned 0x5b [0221.608] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.608] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s6LOWfDyf84Fy2ur3.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\s6lowfdyf84fy2ur3.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2c3f42c, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x18744f72, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18744f72, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x4bb)) returned 1 [0221.609] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.609] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s6LOWfDyf84Fy2ur3.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\s6lowfdyf84fy2ur3.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s6LOWfDyf84Fy2ur3.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\s6lowfdyf84fy2ur3.lnk.rtcrypted")) returned 1 [0221.612] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.612] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.613] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.613] GetFileType (hFile=0x2cc) returned 0x1 [0221.613] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.613] GetFileType (hFile=0x2cc) returned 0x1 [0221.613] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x3076 [0221.614] WriteFile (in: hFile=0x2cc, lpBuffer=0x2297258*, nNumberOfBytesToWrite=0x52, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2297258*, lpNumberOfBytesWritten=0x15ecc8*=0x52, lpOverlapped=0x0) returned 1 [0221.614] CloseHandle (hObject=0x2cc) returned 1 [0221.629] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.630] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ScFVHzsefvu1Kt2J0.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ScFVHzsefvu1Kt2J0.lnk", lpFilePart=0x0) returned 0x51 [0221.630] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.630] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ScFVHzsefvu1Kt2J0.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\scfvhzsefvu1kt2j0.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.631] GetFileType (hFile=0x2cc) returned 0x1 [0221.631] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.631] GetFileType (hFile=0x2cc) returned 0x1 [0221.631] ReadFile (in: hFile=0x2cc, lpBuffer=0x2298820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2298820*, lpNumberOfBytesRead=0x15edd8*=0x6ab, lpOverlapped=0x0) returned 1 [0221.631] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.631] WriteFile (in: hFile=0x2cc, lpBuffer=0x2298820*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2298820*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.632] CloseHandle (hObject=0x2cc) returned 1 [0221.635] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ScFVHzsefvu1Kt2J0.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ScFVHzsefvu1Kt2J0.lnk", lpFilePart=0x0) returned 0x51 [0221.635] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ScFVHzsefvu1Kt2J0.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ScFVHzsefvu1Kt2J0.lnk.rtcrypted", lpFilePart=0x0) returned 0x5b [0221.636] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.636] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ScFVHzsefvu1Kt2J0.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\scfvhzsefvu1kt2j0.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee3cf1e4, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x187ca786, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x187ca786, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x6ab)) returned 1 [0221.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.636] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ScFVHzsefvu1Kt2J0.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\scfvhzsefvu1kt2j0.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ScFVHzsefvu1Kt2J0.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\scfvhzsefvu1kt2j0.lnk.rtcrypted")) returned 1 [0221.638] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.638] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.638] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.638] GetFileType (hFile=0x2cc) returned 0x1 [0221.638] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.639] GetFileType (hFile=0x2cc) returned 0x1 [0221.639] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x30c8 [0221.639] WriteFile (in: hFile=0x2cc, lpBuffer=0x229b1b0*, nNumberOfBytesToWrite=0x52, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x229b1b0*, lpNumberOfBytesWritten=0x15ecc8*=0x52, lpOverlapped=0x0) returned 1 [0221.639] CloseHandle (hObject=0x2cc) returned 1 [0221.641] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.642] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\sg MXaT5p_6OuAzIkQ9b.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\sg MXaT5p_6OuAzIkQ9b.lnk", lpFilePart=0x0) returned 0x54 [0221.642] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.642] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\sg MXaT5p_6OuAzIkQ9b.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\sg mxat5p_6ouazikq9b.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.643] GetFileType (hFile=0x2cc) returned 0x1 [0221.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.643] GetFileType (hFile=0x2cc) returned 0x1 [0221.643] ReadFile (in: hFile=0x2cc, lpBuffer=0x229c788, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x229c788*, lpNumberOfBytesRead=0x15edd8*=0x2c3, lpOverlapped=0x0) returned 1 [0221.643] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.643] WriteFile (in: hFile=0x2cc, lpBuffer=0x229c788*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x229c788*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.644] CloseHandle (hObject=0x2cc) returned 1 [0221.645] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\sg MXaT5p_6OuAzIkQ9b.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\sg MXaT5p_6OuAzIkQ9b.lnk", lpFilePart=0x0) returned 0x54 [0221.645] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\sg MXaT5p_6OuAzIkQ9b.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\sg MXaT5p_6OuAzIkQ9b.lnk.rtcrypted", lpFilePart=0x0) returned 0x5e [0221.646] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.646] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\sg MXaT5p_6OuAzIkQ9b.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\sg mxat5p_6ouazikq9b.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf5fba47, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x187ddfef, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x187ddfef, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x2c3)) returned 1 [0221.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.646] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\sg MXaT5p_6OuAzIkQ9b.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\sg mxat5p_6ouazikq9b.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\sg MXaT5p_6OuAzIkQ9b.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\sg mxat5p_6ouazikq9b.lnk.rtcrypted")) returned 1 [0221.647] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.648] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.648] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.648] GetFileType (hFile=0x2cc) returned 0x1 [0221.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.648] GetFileType (hFile=0x2cc) returned 0x1 [0221.648] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x311a [0221.649] WriteFile (in: hFile=0x2cc, lpBuffer=0x229f138*, nNumberOfBytesToWrite=0x55, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x229f138*, lpNumberOfBytesWritten=0x15ecc8*=0x55, lpOverlapped=0x0) returned 1 [0221.649] CloseHandle (hObject=0x2cc) returned 1 [0221.654] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.655] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\smN8Rnib6nLWu.xlsx.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\smN8Rnib6nLWu.xlsx.lnk", lpFilePart=0x0) returned 0x52 [0221.655] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.655] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\smN8Rnib6nLWu.xlsx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\smn8rnib6nlwu.xlsx.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.655] GetFileType (hFile=0x2cc) returned 0x1 [0221.655] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.655] GetFileType (hFile=0x2cc) returned 0x1 [0221.656] ReadFile (in: hFile=0x2cc, lpBuffer=0x22a0700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22a0700*, lpNumberOfBytesRead=0x15edd8*=0x3e6, lpOverlapped=0x0) returned 1 [0221.656] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.656] WriteFile (in: hFile=0x2cc, lpBuffer=0x22a0700*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22a0700*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.656] CloseHandle (hObject=0x2cc) returned 1 [0221.658] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\smN8Rnib6nLWu.xlsx.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\smN8Rnib6nLWu.xlsx.lnk", lpFilePart=0x0) returned 0x52 [0221.658] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\smN8Rnib6nLWu.xlsx.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\smN8Rnib6nLWu.xlsx.lnk.rtcrypted", lpFilePart=0x0) returned 0x5c [0221.658] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.658] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\smN8Rnib6nLWu.xlsx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\smn8rnib6nlwu.xlsx.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf74c2d56, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x188035ca, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x188035ca, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3e6)) returned 1 [0221.658] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.658] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\smN8Rnib6nLWu.xlsx.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\smn8rnib6nlwu.xlsx.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\smN8Rnib6nLWu.xlsx.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\smn8rnib6nlwu.xlsx.lnk.rtcrypted")) returned 1 [0221.660] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.660] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.660] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.660] GetFileType (hFile=0x2cc) returned 0x1 [0221.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.660] GetFileType (hFile=0x2cc) returned 0x1 [0221.660] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x316f [0221.661] WriteFile (in: hFile=0x2cc, lpBuffer=0x22a30a0*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22a30a0*, lpNumberOfBytesWritten=0x15ecc8*=0x53, lpOverlapped=0x0) returned 1 [0221.661] CloseHandle (hObject=0x2cc) returned 1 [0221.663] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.663] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\snzDMqSsgLa.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\snzDMqSsgLa.lnk", lpFilePart=0x0) returned 0x4b [0221.664] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.664] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\snzDMqSsgLa.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\snzdmqssgla.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.664] GetFileType (hFile=0x2cc) returned 0x1 [0221.664] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.664] GetFileType (hFile=0x2cc) returned 0x1 [0221.664] ReadFile (in: hFile=0x2cc, lpBuffer=0x22a4648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22a4648*, lpNumberOfBytesRead=0x15edd8*=0x3f6, lpOverlapped=0x0) returned 1 [0221.665] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.665] WriteFile (in: hFile=0x2cc, lpBuffer=0x22a4648*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22a4648*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.665] CloseHandle (hObject=0x2cc) returned 1 [0221.668] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\snzDMqSsgLa.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\snzDMqSsgLa.lnk", lpFilePart=0x0) returned 0x4b [0221.668] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\snzDMqSsgLa.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\snzDMqSsgLa.lnk.rtcrypted", lpFilePart=0x0) returned 0x55 [0221.668] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.668] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\snzDMqSsgLa.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\snzdmqssgla.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd55f9e01, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x188035ca, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x188035ca, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3f6)) returned 1 [0221.668] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.668] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\snzDMqSsgLa.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\snzdmqssgla.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\snzDMqSsgLa.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\snzdmqssgla.lnk.rtcrypted")) returned 1 [0221.670] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.670] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.670] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.671] GetFileType (hFile=0x2cc) returned 0x1 [0221.671] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.671] GetFileType (hFile=0x2cc) returned 0x1 [0221.671] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x31c2 [0221.671] WriteFile (in: hFile=0x2cc, lpBuffer=0x22a6fb0*, nNumberOfBytesToWrite=0x4c, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22a6fb0*, lpNumberOfBytesWritten=0x15ecc8*=0x4c, lpOverlapped=0x0) returned 1 [0221.671] CloseHandle (hObject=0x2cc) returned 1 [0221.674] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.675] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\srqzB.flv.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\srqzB.flv.lnk", lpFilePart=0x0) returned 0x49 [0221.675] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.675] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\srqzB.flv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\srqzb.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.676] GetFileType (hFile=0x2cc) returned 0x1 [0221.676] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.676] GetFileType (hFile=0x2cc) returned 0x1 [0221.676] ReadFile (in: hFile=0x2cc, lpBuffer=0x22a8558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22a8558*, lpNumberOfBytesRead=0x15edd8*=0x40c, lpOverlapped=0x0) returned 1 [0221.676] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.676] WriteFile (in: hFile=0x2cc, lpBuffer=0x22a8558*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22a8558*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.677] CloseHandle (hObject=0x2cc) returned 1 [0221.678] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\srqzB.flv.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\srqzB.flv.lnk", lpFilePart=0x0) returned 0x49 [0221.678] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\srqzB.flv.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\srqzB.flv.lnk.rtcrypted", lpFilePart=0x0) returned 0x53 [0221.679] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.679] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\srqzB.flv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\srqzb.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9ff2d22, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x1882bd24, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1882bd24, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x40c)) returned 1 [0221.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.679] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\srqzB.flv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\srqzb.flv.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\srqzB.flv.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\srqzb.flv.lnk.rtcrypted")) returned 1 [0221.682] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.682] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.682] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.683] GetFileType (hFile=0x2cc) returned 0x1 [0221.683] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.683] GetFileType (hFile=0x2cc) returned 0x1 [0221.683] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x320e [0221.684] WriteFile (in: hFile=0x2cc, lpBuffer=0x22aaea8*, nNumberOfBytesToWrite=0x4a, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22aaea8*, lpNumberOfBytesWritten=0x15ecc8*=0x4a, lpOverlapped=0x0) returned 1 [0221.684] CloseHandle (hObject=0x2cc) returned 1 [0221.686] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.686] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tFcCKPod.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tFcCKPod.lnk", lpFilePart=0x0) returned 0x48 [0221.686] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.687] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tFcCKPod.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\tfcckpod.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.687] GetFileType (hFile=0x2cc) returned 0x1 [0221.687] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.687] GetFileType (hFile=0x2cc) returned 0x1 [0221.687] ReadFile (in: hFile=0x2cc, lpBuffer=0x22ac450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22ac450*, lpNumberOfBytesRead=0x15edd8*=0x3cd, lpOverlapped=0x0) returned 1 [0221.688] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.688] WriteFile (in: hFile=0x2cc, lpBuffer=0x22ac450*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22ac450*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.688] CloseHandle (hObject=0x2cc) returned 1 [0221.689] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tFcCKPod.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tFcCKPod.lnk", lpFilePart=0x0) returned 0x48 [0221.689] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tFcCKPod.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tFcCKPod.lnk.rtcrypted", lpFilePart=0x0) returned 0x52 [0221.689] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.689] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tFcCKPod.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\tfcckpod.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef9035d8, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x1884fbcc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1884fbcc, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3cd)) returned 1 [0221.690] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.690] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tFcCKPod.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\tfcckpod.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tFcCKPod.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\tfcckpod.lnk.rtcrypted")) returned 1 [0221.691] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.691] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.692] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.692] GetFileType (hFile=0x2cc) returned 0x1 [0221.692] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.692] GetFileType (hFile=0x2cc) returned 0x1 [0221.692] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x3258 [0221.693] WriteFile (in: hFile=0x2cc, lpBuffer=0x22aeda0*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22aeda0*, lpNumberOfBytesWritten=0x15ecc8*=0x49, lpOverlapped=0x0) returned 1 [0221.693] CloseHandle (hObject=0x2cc) returned 1 [0221.711] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.712] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tKwoXg9sP.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tKwoXg9sP.lnk", lpFilePart=0x0) returned 0x49 [0221.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.712] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tKwoXg9sP.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\tkwoxg9sp.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.713] GetFileType (hFile=0x2cc) returned 0x1 [0221.713] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.713] GetFileType (hFile=0x2cc) returned 0x1 [0221.714] ReadFile (in: hFile=0x2cc, lpBuffer=0x22b0348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22b0348*, lpNumberOfBytesRead=0x15edd8*=0x460, lpOverlapped=0x0) returned 1 [0221.714] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.715] WriteFile (in: hFile=0x2cc, lpBuffer=0x22b0348*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22b0348*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.715] CloseHandle (hObject=0x2cc) returned 1 [0221.718] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tKwoXg9sP.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tKwoXg9sP.lnk", lpFilePart=0x0) returned 0x49 [0221.718] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tKwoXg9sP.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tKwoXg9sP.lnk.rtcrypted", lpFilePart=0x0) returned 0x53 [0221.718] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.718] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tKwoXg9sP.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\tkwoxg9sp.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa4e8ea2, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x1889bf84, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1889bf84, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x460)) returned 1 [0221.718] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.718] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tKwoXg9sP.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\tkwoxg9sp.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tKwoXg9sP.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\tkwoxg9sp.lnk.rtcrypted")) returned 1 [0221.720] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.720] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.721] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.721] GetFileType (hFile=0x2cc) returned 0x1 [0221.721] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.721] GetFileType (hFile=0x2cc) returned 0x1 [0221.721] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x32a1 [0221.722] WriteFile (in: hFile=0x2cc, lpBuffer=0x22b2c98*, nNumberOfBytesToWrite=0x4a, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22b2c98*, lpNumberOfBytesWritten=0x15ecc8*=0x4a, lpOverlapped=0x0) returned 1 [0221.722] CloseHandle (hObject=0x2cc) returned 1 [0221.724] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.725] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TL__DH.flv.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TL__DH.flv.lnk", lpFilePart=0x0) returned 0x4a [0221.725] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.725] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TL__DH.flv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\tl__dh.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.726] GetFileType (hFile=0x2cc) returned 0x1 [0221.726] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.726] GetFileType (hFile=0x2cc) returned 0x1 [0221.727] ReadFile (in: hFile=0x2cc, lpBuffer=0x22b4240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22b4240*, lpNumberOfBytesRead=0x15edd8*=0x3d6, lpOverlapped=0x0) returned 1 [0221.727] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.727] WriteFile (in: hFile=0x2cc, lpBuffer=0x22b4240*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22b4240*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.727] CloseHandle (hObject=0x2cc) returned 1 [0221.730] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TL__DH.flv.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TL__DH.flv.lnk", lpFilePart=0x0) returned 0x4a [0221.730] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TL__DH.flv.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TL__DH.flv.lnk.rtcrypted", lpFilePart=0x0) returned 0x54 [0221.730] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.730] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TL__DH.flv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\tl__dh.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfc68b09c, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x1889bf84, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1889bf84, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3d6)) returned 1 [0221.730] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.730] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TL__DH.flv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\tl__dh.flv.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TL__DH.flv.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\tl__dh.flv.lnk.rtcrypted")) returned 1 [0221.733] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.733] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.733] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.733] GetFileType (hFile=0x2cc) returned 0x1 [0221.734] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.734] GetFileType (hFile=0x2cc) returned 0x1 [0221.734] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x32eb [0221.735] WriteFile (in: hFile=0x2cc, lpBuffer=0x22b6ba0*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22b6ba0*, lpNumberOfBytesWritten=0x15ecc8*=0x4b, lpOverlapped=0x0) returned 1 [0221.735] CloseHandle (hObject=0x2cc) returned 1 [0221.737] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.737] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\u7sDs2LZ.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\u7sDs2LZ.lnk", lpFilePart=0x0) returned 0x48 [0221.738] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.738] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\u7sDs2LZ.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\u7sds2lz.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.738] GetFileType (hFile=0x2cc) returned 0x1 [0221.738] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.739] GetFileType (hFile=0x2cc) returned 0x1 [0221.739] ReadFile (in: hFile=0x2cc, lpBuffer=0x22b8148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22b8148*, lpNumberOfBytesRead=0x15edd8*=0x523, lpOverlapped=0x0) returned 1 [0221.740] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.740] WriteFile (in: hFile=0x2cc, lpBuffer=0x22b8148*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22b8148*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.740] CloseHandle (hObject=0x2cc) returned 1 [0221.741] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\u7sDs2LZ.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\u7sDs2LZ.lnk", lpFilePart=0x0) returned 0x48 [0221.741] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\u7sDs2LZ.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\u7sDs2LZ.lnk.rtcrypted", lpFilePart=0x0) returned 0x52 [0221.742] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.742] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\u7sDs2LZ.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\u7sds2lz.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa22cab4, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x188c27fb, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x188c27fb, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x523)) returned 1 [0221.742] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.742] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\u7sDs2LZ.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\u7sds2lz.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\u7sDs2LZ.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\u7sds2lz.lnk.rtcrypted")) returned 1 [0221.753] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.753] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.753] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.754] GetFileType (hFile=0x2cc) returned 0x1 [0221.754] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.754] GetFileType (hFile=0x2cc) returned 0x1 [0221.754] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x3336 [0221.755] WriteFile (in: hFile=0x2cc, lpBuffer=0x22baa98*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22baa98*, lpNumberOfBytesWritten=0x15ecc8*=0x49, lpOverlapped=0x0) returned 1 [0221.755] CloseHandle (hObject=0x2cc) returned 1 [0221.758] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.758] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UHkhqoDlS1ZMy4YF1xN.xls.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UHkhqoDlS1ZMy4YF1xN.xls.lnk", lpFilePart=0x0) returned 0x57 [0221.759] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.759] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UHkhqoDlS1ZMy4YF1xN.xls.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\uhkhqodls1zmy4yf1xn.xls.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.759] GetFileType (hFile=0x2cc) returned 0x1 [0221.761] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.761] GetFileType (hFile=0x2cc) returned 0x1 [0221.761] ReadFile (in: hFile=0x2cc, lpBuffer=0x22bc070, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22bc070*, lpNumberOfBytesRead=0x15edd8*=0x4cc, lpOverlapped=0x0) returned 1 [0221.762] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.762] WriteFile (in: hFile=0x2cc, lpBuffer=0x22bc070*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22bc070*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.762] CloseHandle (hObject=0x2cc) returned 1 [0221.764] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UHkhqoDlS1ZMy4YF1xN.xls.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UHkhqoDlS1ZMy4YF1xN.xls.lnk", lpFilePart=0x0) returned 0x57 [0221.764] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UHkhqoDlS1ZMy4YF1xN.xls.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UHkhqoDlS1ZMy4YF1xN.xls.lnk.rtcrypted", lpFilePart=0x0) returned 0x61 [0221.764] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.764] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UHkhqoDlS1ZMy4YF1xN.xls.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\uhkhqodls1zmy4yf1xn.xls.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8bc89d, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x1890eade, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1890eade, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x4cc)) returned 1 [0221.765] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.765] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UHkhqoDlS1ZMy4YF1xN.xls.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\uhkhqodls1zmy4yf1xn.xls.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UHkhqoDlS1ZMy4YF1xN.xls.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\uhkhqodls1zmy4yf1xn.xls.lnk.rtcrypted")) returned 1 [0221.766] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.767] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.767] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.767] GetFileType (hFile=0x2cc) returned 0x1 [0221.767] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.767] GetFileType (hFile=0x2cc) returned 0x1 [0221.767] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x337f [0221.768] WriteFile (in: hFile=0x2cc, lpBuffer=0x22bea38*, nNumberOfBytesToWrite=0x58, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22bea38*, lpNumberOfBytesWritten=0x15ecc8*=0x58, lpOverlapped=0x0) returned 1 [0221.768] CloseHandle (hObject=0x2cc) returned 1 [0221.773] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.774] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UkJYmBRGn-l6870DyiLq.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UkJYmBRGn-l6870DyiLq.lnk", lpFilePart=0x0) returned 0x54 [0221.774] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.774] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UkJYmBRGn-l6870DyiLq.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ukjymbrgn-l6870dyilq.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.774] GetFileType (hFile=0x2cc) returned 0x1 [0221.774] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.774] GetFileType (hFile=0x2cc) returned 0x1 [0221.775] ReadFile (in: hFile=0x2cc, lpBuffer=0x22c0010, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22c0010*, lpNumberOfBytesRead=0x15edd8*=0x2c3, lpOverlapped=0x0) returned 1 [0221.775] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.781] WriteFile (in: hFile=0x2cc, lpBuffer=0x22c0010*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22c0010*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.782] CloseHandle (hObject=0x2cc) returned 1 [0221.785] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UkJYmBRGn-l6870DyiLq.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UkJYmBRGn-l6870DyiLq.lnk", lpFilePart=0x0) returned 0x54 [0221.785] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UkJYmBRGn-l6870DyiLq.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UkJYmBRGn-l6870DyiLq.lnk.rtcrypted", lpFilePart=0x0) returned 0x5e [0221.785] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.785] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UkJYmBRGn-l6870DyiLq.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ukjymbrgn-l6870dyilq.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x107b1e5c, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x18941919, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18941919, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x2c3)) returned 1 [0221.785] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.785] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UkJYmBRGn-l6870DyiLq.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ukjymbrgn-l6870dyilq.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UkJYmBRGn-l6870DyiLq.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ukjymbrgn-l6870dyilq.lnk.rtcrypted")) returned 1 [0221.787] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.787] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.787] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.788] GetFileType (hFile=0x2cc) returned 0x1 [0221.788] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.788] GetFileType (hFile=0x2cc) returned 0x1 [0221.788] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x33d7 [0221.788] WriteFile (in: hFile=0x2cc, lpBuffer=0x22c29c0*, nNumberOfBytesToWrite=0x55, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22c29c0*, lpNumberOfBytesWritten=0x15ecc8*=0x55, lpOverlapped=0x0) returned 1 [0221.788] CloseHandle (hObject=0x2cc) returned 1 [0221.789] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.790] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\uLcxfT.pps.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\uLcxfT.pps.lnk", lpFilePart=0x0) returned 0x4a [0221.790] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.790] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\uLcxfT.pps.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ulcxft.pps.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.790] GetFileType (hFile=0x2cc) returned 0x1 [0221.790] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.790] GetFileType (hFile=0x2cc) returned 0x1 [0221.791] ReadFile (in: hFile=0x2cc, lpBuffer=0x22c3f68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22c3f68*, lpNumberOfBytesRead=0x15edd8*=0x47b, lpOverlapped=0x0) returned 1 [0221.794] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.819] WriteFile (in: hFile=0x2cc, lpBuffer=0x22c3f68*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22c3f68*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.820] CloseHandle (hObject=0x2cc) returned 1 [0221.820] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\uLcxfT.pps.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\uLcxfT.pps.lnk", lpFilePart=0x0) returned 0x4a [0221.820] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\uLcxfT.pps.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\uLcxfT.pps.lnk.rtcrypted", lpFilePart=0x0) returned 0x54 [0221.820] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.820] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\uLcxfT.pps.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ulcxft.pps.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd2767c2, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x18991638, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18991638, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x47b)) returned 1 [0221.820] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.821] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\uLcxfT.pps.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ulcxft.pps.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\uLcxfT.pps.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ulcxft.pps.lnk.rtcrypted")) returned 1 [0221.822] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.822] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.822] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.822] GetFileType (hFile=0x2cc) returned 0x1 [0221.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.823] GetFileType (hFile=0x2cc) returned 0x1 [0221.823] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x342c [0221.823] WriteFile (in: hFile=0x2cc, lpBuffer=0x22c68c8*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22c68c8*, lpNumberOfBytesWritten=0x15ecc8*=0x4b, lpOverlapped=0x0) returned 1 [0221.824] CloseHandle (hObject=0x2cc) returned 1 [0221.825] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.825] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UP8au-zEVP8.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UP8au-zEVP8.lnk", lpFilePart=0x0) returned 0x4b [0221.825] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.826] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UP8au-zEVP8.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\up8au-zevp8.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.826] GetFileType (hFile=0x2cc) returned 0x1 [0221.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.826] GetFileType (hFile=0x2cc) returned 0x1 [0221.858] ReadFile (in: hFile=0x2cc, lpBuffer=0x22c7e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22c7e70*, lpNumberOfBytesRead=0x15edd8*=0x3d0, lpOverlapped=0x0) returned 1 [0221.858] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.858] WriteFile (in: hFile=0x2cc, lpBuffer=0x22c7e70*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22c7e70*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.876] CloseHandle (hObject=0x2cc) returned 1 [0221.876] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UP8au-zEVP8.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UP8au-zEVP8.lnk", lpFilePart=0x0) returned 0x4b [0221.877] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UP8au-zEVP8.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UP8au-zEVP8.lnk.rtcrypted", lpFilePart=0x0) returned 0x55 [0221.877] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.877] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UP8au-zEVP8.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\up8au-zevp8.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76f3d54, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x18a28914, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18a28914, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3d0)) returned 1 [0221.877] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.877] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UP8au-zEVP8.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\up8au-zevp8.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UP8au-zEVP8.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\up8au-zevp8.lnk.rtcrypted")) returned 1 [0221.879] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.879] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.879] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.880] GetFileType (hFile=0x2cc) returned 0x1 [0221.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.880] GetFileType (hFile=0x2cc) returned 0x1 [0221.880] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x3477 [0221.881] WriteFile (in: hFile=0x2cc, lpBuffer=0x22ca7d8*, nNumberOfBytesToWrite=0x4c, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22ca7d8*, lpNumberOfBytesWritten=0x15ecc8*=0x4c, lpOverlapped=0x0) returned 1 [0221.881] CloseHandle (hObject=0x2cc) returned 1 [0221.882] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.883] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Videos.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Videos.lnk", lpFilePart=0x0) returned 0x46 [0221.883] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.883] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Videos.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\videos.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.884] GetFileType (hFile=0x2cc) returned 0x1 [0221.884] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.884] GetFileType (hFile=0x2cc) returned 0x1 [0221.884] ReadFile (in: hFile=0x2cc, lpBuffer=0x22cbd70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22cbd70*, lpNumberOfBytesRead=0x15edd8*=0x2f0, lpOverlapped=0x0) returned 1 [0221.885] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.885] WriteFile (in: hFile=0x2cc, lpBuffer=0x22cbd70*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22cbd70*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.886] CloseHandle (hObject=0x2cc) returned 1 [0221.886] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Videos.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Videos.lnk", lpFilePart=0x0) returned 0x46 [0221.886] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Videos.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Videos.lnk.rtcrypted", lpFilePart=0x0) returned 0x50 [0221.886] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.886] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Videos.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\videos.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d99ed53, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x18a3fcf3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18a3fcf3, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x2f0)) returned 1 [0221.887] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.887] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Videos.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\videos.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Videos.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\videos.lnk.rtcrypted")) returned 1 [0221.889] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.889] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.889] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.889] GetFileType (hFile=0x2cc) returned 0x1 [0221.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.890] GetFileType (hFile=0x2cc) returned 0x1 [0221.890] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x34c3 [0221.890] WriteFile (in: hFile=0x2cc, lpBuffer=0x22ce6b0*, nNumberOfBytesToWrite=0x47, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22ce6b0*, lpNumberOfBytesWritten=0x15ecc8*=0x47, lpOverlapped=0x0) returned 1 [0221.891] CloseHandle (hObject=0x2cc) returned 1 [0221.892] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.893] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vPtkmO.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vPtkmO.lnk", lpFilePart=0x0) returned 0x46 [0221.893] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.894] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vPtkmO.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\vptkmo.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.894] GetFileType (hFile=0x2cc) returned 0x1 [0221.894] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.894] GetFileType (hFile=0x2cc) returned 0x1 [0221.895] ReadFile (in: hFile=0x2cc, lpBuffer=0x22cfc48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22cfc48*, lpNumberOfBytesRead=0x15edd8*=0x36a, lpOverlapped=0x0) returned 1 [0221.895] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.895] WriteFile (in: hFile=0x2cc, lpBuffer=0x22cfc48*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22cfc48*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.895] CloseHandle (hObject=0x2cc) returned 1 [0221.896] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vPtkmO.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vPtkmO.lnk", lpFilePart=0x0) returned 0x46 [0221.896] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vPtkmO.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vPtkmO.lnk.rtcrypted", lpFilePart=0x0) returned 0x50 [0221.896] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.896] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vPtkmO.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\vptkmo.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xddf61b09, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x18a3fcf3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18a3fcf3, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x36a)) returned 1 [0221.896] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.896] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vPtkmO.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\vptkmo.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vPtkmO.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\vptkmo.lnk.rtcrypted")) returned 1 [0221.899] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.900] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.900] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.905] GetFileType (hFile=0x2cc) returned 0x1 [0221.905] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.905] GetFileType (hFile=0x2cc) returned 0x1 [0221.905] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x350a [0221.906] WriteFile (in: hFile=0x2cc, lpBuffer=0x22d2588*, nNumberOfBytesToWrite=0x47, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22d2588*, lpNumberOfBytesWritten=0x15ecc8*=0x47, lpOverlapped=0x0) returned 1 [0221.906] CloseHandle (hObject=0x2cc) returned 1 [0221.908] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.908] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vrypMS0u_xB.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vrypMS0u_xB.lnk", lpFilePart=0x0) returned 0x4b [0221.908] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.909] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vrypMS0u_xB.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\vrypms0u_xb.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.909] GetFileType (hFile=0x2cc) returned 0x1 [0221.909] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.909] GetFileType (hFile=0x2cc) returned 0x1 [0221.910] ReadFile (in: hFile=0x2cc, lpBuffer=0x22d3b30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22d3b30*, lpNumberOfBytesRead=0x15edd8*=0x3dc, lpOverlapped=0x0) returned 1 [0221.910] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.910] WriteFile (in: hFile=0x2cc, lpBuffer=0x22d3b30*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22d3b30*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.911] CloseHandle (hObject=0x2cc) returned 1 [0221.911] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vrypMS0u_xB.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vrypMS0u_xB.lnk", lpFilePart=0x0) returned 0x4b [0221.911] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vrypMS0u_xB.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vrypMS0u_xB.lnk.rtcrypted", lpFilePart=0x0) returned 0x55 [0221.911] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.911] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vrypMS0u_xB.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\vrypms0u_xb.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe93b5dc7, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x18a65b8d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18a65b8d, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3dc)) returned 1 [0221.912] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.912] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vrypMS0u_xB.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\vrypms0u_xb.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vrypMS0u_xB.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\vrypms0u_xb.lnk.rtcrypted")) returned 1 [0221.913] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.914] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.914] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.914] GetFileType (hFile=0x2cc) returned 0x1 [0221.914] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.914] GetFileType (hFile=0x2cc) returned 0x1 [0221.915] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x3551 [0221.915] WriteFile (in: hFile=0x2cc, lpBuffer=0x22d6498*, nNumberOfBytesToWrite=0x4c, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22d6498*, lpNumberOfBytesWritten=0x15ecc8*=0x4c, lpOverlapped=0x0) returned 1 [0221.916] CloseHandle (hObject=0x2cc) returned 1 [0221.917] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.918] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VvJS.odp.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VvJS.odp.lnk", lpFilePart=0x0) returned 0x48 [0221.918] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.919] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VvJS.odp.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\vvjs.odp.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.920] GetFileType (hFile=0x2cc) returned 0x1 [0221.920] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.920] GetFileType (hFile=0x2cc) returned 0x1 [0221.920] ReadFile (in: hFile=0x2cc, lpBuffer=0x22d7a40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22d7a40*, lpNumberOfBytesRead=0x15edd8*=0x26f, lpOverlapped=0x0) returned 1 [0221.920] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.921] WriteFile (in: hFile=0x2cc, lpBuffer=0x22d7a40*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22d7a40*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.921] CloseHandle (hObject=0x2cc) returned 1 [0221.921] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VvJS.odp.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VvJS.odp.lnk", lpFilePart=0x0) returned 0x48 [0221.921] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VvJS.odp.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VvJS.odp.lnk.rtcrypted", lpFilePart=0x0) returned 0x52 [0221.921] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.922] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VvJS.odp.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\vvjs.odp.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa1d5b8f, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x18a8c0f9, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18a8c0f9, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x26f)) returned 1 [0221.922] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.922] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VvJS.odp.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\vvjs.odp.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VvJS.odp.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\vvjs.odp.lnk.rtcrypted")) returned 1 [0221.923] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.924] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.924] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.924] GetFileType (hFile=0x2cc) returned 0x1 [0221.924] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.924] GetFileType (hFile=0x2cc) returned 0x1 [0221.925] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x359d [0221.925] WriteFile (in: hFile=0x2cc, lpBuffer=0x22da390*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22da390*, lpNumberOfBytesWritten=0x15ecc8*=0x49, lpOverlapped=0x0) returned 1 [0221.925] CloseHandle (hObject=0x2cc) returned 1 [0221.926] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.927] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\w7V8A-uHWT3m-XUwfg56.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\w7V8A-uHWT3m-XUwfg56.lnk", lpFilePart=0x0) returned 0x54 [0221.927] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.927] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\w7V8A-uHWT3m-XUwfg56.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\w7v8a-uhwt3m-xuwfg56.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.928] GetFileType (hFile=0x2cc) returned 0x1 [0221.928] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.928] GetFileType (hFile=0x2cc) returned 0x1 [0221.928] ReadFile (in: hFile=0x2cc, lpBuffer=0x22db968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22db968*, lpNumberOfBytesRead=0x15edd8*=0x2c3, lpOverlapped=0x0) returned 1 [0221.929] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.929] WriteFile (in: hFile=0x2cc, lpBuffer=0x22db968*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22db968*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.929] CloseHandle (hObject=0x2cc) returned 1 [0221.930] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\w7V8A-uHWT3m-XUwfg56.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\w7V8A-uHWT3m-XUwfg56.lnk", lpFilePart=0x0) returned 0x54 [0221.930] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\w7V8A-uHWT3m-XUwfg56.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\w7V8A-uHWT3m-XUwfg56.lnk.rtcrypted", lpFilePart=0x0) returned 0x5e [0221.930] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.930] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\w7V8A-uHWT3m-XUwfg56.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\w7v8a-uhwt3m-xuwfg56.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdacf43b, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x18a8c0f9, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18a8c0f9, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x2c3)) returned 1 [0221.930] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.930] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\w7V8A-uHWT3m-XUwfg56.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\w7v8a-uhwt3m-xuwfg56.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\w7V8A-uHWT3m-XUwfg56.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\w7v8a-uhwt3m-xuwfg56.lnk.rtcrypted")) returned 1 [0221.945] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.945] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.945] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.946] GetFileType (hFile=0x2cc) returned 0x1 [0221.946] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.946] GetFileType (hFile=0x2cc) returned 0x1 [0221.946] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x35e6 [0221.947] WriteFile (in: hFile=0x2cc, lpBuffer=0x22de318*, nNumberOfBytesToWrite=0x55, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22de318*, lpNumberOfBytesWritten=0x15ecc8*=0x55, lpOverlapped=0x0) returned 1 [0221.948] CloseHandle (hObject=0x2cc) returned 1 [0221.949] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.949] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WDmuMj12Phg.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WDmuMj12Phg.lnk", lpFilePart=0x0) returned 0x4b [0221.950] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.950] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WDmuMj12Phg.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\wdmumj12phg.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.950] GetFileType (hFile=0x2cc) returned 0x1 [0221.950] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.951] GetFileType (hFile=0x2cc) returned 0x1 [0221.951] ReadFile (in: hFile=0x2cc, lpBuffer=0x22df8c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22df8c0*, lpNumberOfBytesRead=0x15edd8*=0x51b, lpOverlapped=0x0) returned 1 [0221.952] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.952] WriteFile (in: hFile=0x2cc, lpBuffer=0x22df8c0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22df8c0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.952] CloseHandle (hObject=0x2cc) returned 1 [0221.952] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WDmuMj12Phg.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WDmuMj12Phg.lnk", lpFilePart=0x0) returned 0x4b [0221.953] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WDmuMj12Phg.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WDmuMj12Phg.lnk.rtcrypted", lpFilePart=0x0) returned 0x55 [0221.953] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.953] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WDmuMj12Phg.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\wdmumj12phg.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf83a2718, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x18ad8942, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18ad8942, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x51b)) returned 1 [0221.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.953] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WDmuMj12Phg.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\wdmumj12phg.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WDmuMj12Phg.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\wdmumj12phg.lnk.rtcrypted")) returned 1 [0221.955] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.955] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.955] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.956] GetFileType (hFile=0x2cc) returned 0x1 [0221.956] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.956] GetFileType (hFile=0x2cc) returned 0x1 [0221.956] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x363b [0221.957] WriteFile (in: hFile=0x2cc, lpBuffer=0x22e2228*, nNumberOfBytesToWrite=0x4c, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22e2228*, lpNumberOfBytesWritten=0x15ecc8*=0x4c, lpOverlapped=0x0) returned 1 [0221.957] CloseHandle (hObject=0x2cc) returned 1 [0221.958] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.959] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wFdXt6C3g60.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wFdXt6C3g60.lnk", lpFilePart=0x0) returned 0x4b [0221.959] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.959] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wFdXt6C3g60.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\wfdxt6c3g60.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.960] GetFileType (hFile=0x2cc) returned 0x1 [0221.960] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.960] GetFileType (hFile=0x2cc) returned 0x1 [0221.961] ReadFile (in: hFile=0x2cc, lpBuffer=0x22e37d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22e37d0*, lpNumberOfBytesRead=0x15edd8*=0x296, lpOverlapped=0x0) returned 1 [0221.961] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.961] WriteFile (in: hFile=0x2cc, lpBuffer=0x22e37d0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22e37d0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.962] CloseHandle (hObject=0x2cc) returned 1 [0221.962] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wFdXt6C3g60.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wFdXt6C3g60.lnk", lpFilePart=0x0) returned 0x4b [0221.962] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wFdXt6C3g60.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wFdXt6C3g60.lnk.rtcrypted", lpFilePart=0x0) returned 0x55 [0221.962] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.962] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wFdXt6C3g60.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\wfdxt6c3g60.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6c7e634, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x18ad8942, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18ad8942, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x296)) returned 1 [0221.962] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.963] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wFdXt6C3g60.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\wfdxt6c3g60.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wFdXt6C3g60.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\wfdxt6c3g60.lnk.rtcrypted")) returned 1 [0221.974] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.974] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.974] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.975] GetFileType (hFile=0x2cc) returned 0x1 [0221.975] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.975] GetFileType (hFile=0x2cc) returned 0x1 [0221.975] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x3687 [0221.976] WriteFile (in: hFile=0x2cc, lpBuffer=0x22e6138*, nNumberOfBytesToWrite=0x4c, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22e6138*, lpNumberOfBytesWritten=0x15ecc8*=0x4c, lpOverlapped=0x0) returned 1 [0221.976] CloseHandle (hObject=0x2cc) returned 1 [0221.977] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.978] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WfobQHYIBDGT.ods.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WfobQHYIBDGT.ods.lnk", lpFilePart=0x0) returned 0x50 [0221.978] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.980] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WfobQHYIBDGT.ods.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\wfobqhyibdgt.ods.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.980] GetFileType (hFile=0x2cc) returned 0x1 [0221.980] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.980] GetFileType (hFile=0x2cc) returned 0x1 [0221.981] ReadFile (in: hFile=0x2cc, lpBuffer=0x22e7700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22e7700*, lpNumberOfBytesRead=0x15edd8*=0x3dc, lpOverlapped=0x0) returned 1 [0221.981] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.981] WriteFile (in: hFile=0x2cc, lpBuffer=0x22e7700*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22e7700*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.982] CloseHandle (hObject=0x2cc) returned 1 [0221.982] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WfobQHYIBDGT.ods.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WfobQHYIBDGT.ods.lnk", lpFilePart=0x0) returned 0x50 [0221.982] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WfobQHYIBDGT.ods.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WfobQHYIBDGT.ods.lnk.rtcrypted", lpFilePart=0x0) returned 0x5a [0221.982] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.983] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WfobQHYIBDGT.ods.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\wfobqhyibdgt.ods.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdee9b223, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x18b2491d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18b2491d, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3dc)) returned 1 [0221.983] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.983] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WfobQHYIBDGT.ods.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\wfobqhyibdgt.ods.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WfobQHYIBDGT.ods.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\wfobqhyibdgt.ods.lnk.rtcrypted")) returned 1 [0221.985] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.985] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.985] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.985] GetFileType (hFile=0x2cc) returned 0x1 [0221.986] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.986] GetFileType (hFile=0x2cc) returned 0x1 [0221.986] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x36d3 [0221.986] WriteFile (in: hFile=0x2cc, lpBuffer=0x22ea090*, nNumberOfBytesToWrite=0x51, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22ea090*, lpNumberOfBytesWritten=0x15ecc8*=0x51, lpOverlapped=0x0) returned 1 [0221.987] CloseHandle (hObject=0x2cc) returned 1 [0221.988] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.988] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WFsJxSQxtzsU8zvNclOo.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WFsJxSQxtzsU8zvNclOo.lnk", lpFilePart=0x0) returned 0x54 [0221.988] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.989] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WFsJxSQxtzsU8zvNclOo.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\wfsjxsqxtzsu8zvncloo.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.989] GetFileType (hFile=0x2cc) returned 0x1 [0221.989] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.989] GetFileType (hFile=0x2cc) returned 0x1 [0221.990] ReadFile (in: hFile=0x2cc, lpBuffer=0x22eb668, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22eb668*, lpNumberOfBytesRead=0x15edd8*=0x6ba, lpOverlapped=0x0) returned 1 [0221.990] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0221.990] WriteFile (in: hFile=0x2cc, lpBuffer=0x22eb668*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22eb668*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0221.991] CloseHandle (hObject=0x2cc) returned 1 [0221.991] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WFsJxSQxtzsU8zvNclOo.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WFsJxSQxtzsU8zvNclOo.lnk", lpFilePart=0x0) returned 0x54 [0221.991] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WFsJxSQxtzsU8zvNclOo.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WFsJxSQxtzsU8zvNclOo.lnk.rtcrypted", lpFilePart=0x0) returned 0x5e [0221.991] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0221.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WFsJxSQxtzsU8zvNclOo.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\wfsjxsqxtzsu8zvncloo.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf63536ea, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x18b2491d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18b2491d, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x6ba)) returned 1 [0221.992] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0221.992] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WFsJxSQxtzsU8zvNclOo.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\wfsjxsqxtzsu8zvncloo.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WFsJxSQxtzsU8zvNclOo.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\wfsjxsqxtzsu8zvncloo.lnk.rtcrypted")) returned 1 [0221.993] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0221.994] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0221.995] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0221.995] GetFileType (hFile=0x2cc) returned 0x1 [0221.995] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0221.995] GetFileType (hFile=0x2cc) returned 0x1 [0221.995] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x3724 [0221.996] WriteFile (in: hFile=0x2cc, lpBuffer=0x22ee018*, nNumberOfBytesToWrite=0x55, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22ee018*, lpNumberOfBytesWritten=0x15ecc8*=0x55, lpOverlapped=0x0) returned 1 [0221.996] CloseHandle (hObject=0x2cc) returned 1 [0221.998] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0221.998] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wse91V.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wse91V.lnk", lpFilePart=0x0) returned 0x46 [0221.998] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0221.999] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wse91V.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\wse91v.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0221.999] GetFileType (hFile=0x2cc) returned 0x1 [0221.999] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0221.999] GetFileType (hFile=0x2cc) returned 0x1 [0222.000] ReadFile (in: hFile=0x2cc, lpBuffer=0x22ef5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22ef5b0*, lpNumberOfBytesRead=0x15edd8*=0x383, lpOverlapped=0x0) returned 1 [0222.000] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0222.000] WriteFile (in: hFile=0x2cc, lpBuffer=0x22ef5b0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22ef5b0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0222.001] CloseHandle (hObject=0x2cc) returned 1 [0222.001] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wse91V.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wse91V.lnk", lpFilePart=0x0) returned 0x46 [0222.001] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wse91V.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wse91V.lnk.rtcrypted", lpFilePart=0x0) returned 0x50 [0222.001] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0222.001] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wse91V.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\wse91v.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x38808aa, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x18b4acc7, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18b4acc7, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x383)) returned 1 [0222.001] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0222.002] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wse91V.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\wse91v.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wse91V.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\wse91v.lnk.rtcrypted")) returned 1 [0222.003] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0222.003] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0222.004] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.004] GetFileType (hFile=0x2cc) returned 0x1 [0222.004] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0222.004] GetFileType (hFile=0x2cc) returned 0x1 [0222.004] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x3779 [0222.005] WriteFile (in: hFile=0x2cc, lpBuffer=0x22f1ef0*, nNumberOfBytesToWrite=0x47, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22f1ef0*, lpNumberOfBytesWritten=0x15ecc8*=0x47, lpOverlapped=0x0) returned 1 [0222.005] CloseHandle (hObject=0x2cc) returned 1 [0222.006] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0222.007] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wsjB3_tj0w.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wsjB3_tj0w.lnk", lpFilePart=0x0) returned 0x4a [0222.007] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0222.008] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wsjB3_tj0w.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\wsjb3_tj0w.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.008] GetFileType (hFile=0x2cc) returned 0x1 [0222.008] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0222.008] GetFileType (hFile=0x2cc) returned 0x1 [0222.009] ReadFile (in: hFile=0x2cc, lpBuffer=0x22f3498, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22f3498*, lpNumberOfBytesRead=0x15edd8*=0x2ff, lpOverlapped=0x0) returned 1 [0222.009] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0222.009] WriteFile (in: hFile=0x2cc, lpBuffer=0x22f3498*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22f3498*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0222.022] CloseHandle (hObject=0x2cc) returned 1 [0222.023] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wsjB3_tj0w.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wsjB3_tj0w.lnk", lpFilePart=0x0) returned 0x4a [0222.023] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wsjB3_tj0w.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wsjB3_tj0w.lnk.rtcrypted", lpFilePart=0x0) returned 0x54 [0222.023] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0222.023] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wsjB3_tj0w.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\wsjb3_tj0w.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfc25ed61, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x18b70eb4, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18b70eb4, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x2ff)) returned 1 [0222.023] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0222.023] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wsjB3_tj0w.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\wsjb3_tj0w.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wsjB3_tj0w.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\wsjb3_tj0w.lnk.rtcrypted")) returned 1 [0222.026] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0222.026] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0222.027] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.027] GetFileType (hFile=0x2cc) returned 0x1 [0222.027] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0222.027] GetFileType (hFile=0x2cc) returned 0x1 [0222.028] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x37c0 [0222.028] WriteFile (in: hFile=0x2cc, lpBuffer=0x22f5df8*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22f5df8*, lpNumberOfBytesWritten=0x15ecc8*=0x4b, lpOverlapped=0x0) returned 1 [0222.029] CloseHandle (hObject=0x2cc) returned 1 [0222.030] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0222.030] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wy7xkGTjTM8mqiSz.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wy7xkGTjTM8mqiSz.lnk", lpFilePart=0x0) returned 0x50 [0222.030] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0222.031] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wy7xkGTjTM8mqiSz.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\wy7xkgtjtm8mqisz.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.031] GetFileType (hFile=0x2cc) returned 0x1 [0222.031] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0222.031] GetFileType (hFile=0x2cc) returned 0x1 [0222.031] ReadFile (in: hFile=0x2cc, lpBuffer=0x22f73a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22f73a8*, lpNumberOfBytesRead=0x15edd8*=0x5d9, lpOverlapped=0x0) returned 1 [0222.032] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0222.032] WriteFile (in: hFile=0x2cc, lpBuffer=0x22f73a8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22f73a8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0222.032] CloseHandle (hObject=0x2cc) returned 1 [0222.045] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wy7xkGTjTM8mqiSz.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wy7xkGTjTM8mqiSz.lnk", lpFilePart=0x0) returned 0x50 [0222.046] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wy7xkGTjTM8mqiSz.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wy7xkGTjTM8mqiSz.lnk.rtcrypted", lpFilePart=0x0) returned 0x5a [0222.046] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0222.046] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wy7xkGTjTM8mqiSz.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\wy7xkgtjtm8mqisz.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee92c28b, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x18b97169, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18b97169, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x5d9)) returned 1 [0222.047] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0222.047] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wy7xkGTjTM8mqiSz.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\wy7xkgtjtm8mqisz.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wy7xkGTjTM8mqiSz.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\wy7xkgtjtm8mqisz.lnk.rtcrypted")) returned 1 [0222.049] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0222.049] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0222.049] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.050] GetFileType (hFile=0x2cc) returned 0x1 [0222.050] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0222.050] GetFileType (hFile=0x2cc) returned 0x1 [0222.050] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x380b [0222.052] WriteFile (in: hFile=0x2cc, lpBuffer=0x22f9d50*, nNumberOfBytesToWrite=0x51, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22f9d50*, lpNumberOfBytesWritten=0x15ecc8*=0x51, lpOverlapped=0x0) returned 1 [0222.053] CloseHandle (hObject=0x2cc) returned 1 [0222.054] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0222.054] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XAdPkF7sUkUXx_LAj0.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XAdPkF7sUkUXx_LAj0.lnk", lpFilePart=0x0) returned 0x52 [0222.054] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0222.055] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XAdPkF7sUkUXx_LAj0.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\xadpkf7sukuxx_laj0.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.055] GetFileType (hFile=0x2cc) returned 0x1 [0222.055] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0222.055] GetFileType (hFile=0x2cc) returned 0x1 [0222.055] ReadFile (in: hFile=0x2cc, lpBuffer=0x22fb300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22fb300*, lpNumberOfBytesRead=0x15edd8*=0x3a8, lpOverlapped=0x0) returned 1 [0222.056] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0222.056] WriteFile (in: hFile=0x2cc, lpBuffer=0x22fb300*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22fb300*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0222.056] CloseHandle (hObject=0x2cc) returned 1 [0222.174] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XAdPkF7sUkUXx_LAj0.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XAdPkF7sUkUXx_LAj0.lnk", lpFilePart=0x0) returned 0x52 [0222.174] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XAdPkF7sUkUXx_LAj0.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XAdPkF7sUkUXx_LAj0.lnk.rtcrypted", lpFilePart=0x0) returned 0x5c [0222.174] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0222.174] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XAdPkF7sUkUXx_LAj0.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\xadpkf7sukuxx_laj0.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eb34257, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x18bbd289, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18bbd289, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3a8)) returned 1 [0222.175] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0222.175] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XAdPkF7sUkUXx_LAj0.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\xadpkf7sukuxx_laj0.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XAdPkF7sUkUXx_LAj0.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\xadpkf7sukuxx_laj0.lnk.rtcrypted")) returned 1 [0222.177] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0222.177] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0222.177] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.178] GetFileType (hFile=0x2cc) returned 0x1 [0222.178] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0222.178] GetFileType (hFile=0x2cc) returned 0x1 [0222.178] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x385c [0222.179] WriteFile (in: hFile=0x2cc, lpBuffer=0x214c948*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x214c948*, lpNumberOfBytesWritten=0x15ecc8*=0x53, lpOverlapped=0x0) returned 1 [0222.179] CloseHandle (hObject=0x2cc) returned 1 [0222.180] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0222.181] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XJlr4B62K0xVJsS jZ.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XJlr4B62K0xVJsS jZ.lnk", lpFilePart=0x0) returned 0x52 [0222.181] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0222.184] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XJlr4B62K0xVJsS jZ.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\xjlr4b62k0xvjss jz.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.184] GetFileType (hFile=0x2cc) returned 0x1 [0222.184] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0222.184] GetFileType (hFile=0x2cc) returned 0x1 [0222.185] ReadFile (in: hFile=0x2cc, lpBuffer=0x214df10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x214df10*, lpNumberOfBytesRead=0x15edd8*=0x3f3, lpOverlapped=0x0) returned 1 [0222.185] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0222.185] WriteFile (in: hFile=0x2cc, lpBuffer=0x214df10*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x214df10*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0222.186] CloseHandle (hObject=0x2cc) returned 1 [0222.186] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XJlr4B62K0xVJsS jZ.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XJlr4B62K0xVJsS jZ.lnk", lpFilePart=0x0) returned 0x52 [0222.186] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XJlr4B62K0xVJsS jZ.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XJlr4B62K0xVJsS jZ.lnk.rtcrypted", lpFilePart=0x0) returned 0x5c [0222.186] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0222.186] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XJlr4B62K0xVJsS jZ.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\xjlr4b62k0xvjss jz.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef2c11fb, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x18d14f2e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18d14f2e, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3f3)) returned 1 [0222.187] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0222.187] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XJlr4B62K0xVJsS jZ.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\xjlr4b62k0xvjss jz.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XJlr4B62K0xVJsS jZ.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\xjlr4b62k0xvjss jz.lnk.rtcrypted")) returned 1 [0222.188] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0222.188] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0222.189] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.189] GetFileType (hFile=0x2cc) returned 0x1 [0222.189] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0222.189] GetFileType (hFile=0x2cc) returned 0x1 [0222.189] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x38af [0222.190] WriteFile (in: hFile=0x2cc, lpBuffer=0x21508b0*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21508b0*, lpNumberOfBytesWritten=0x15ecc8*=0x53, lpOverlapped=0x0) returned 1 [0222.190] CloseHandle (hObject=0x2cc) returned 1 [0222.191] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0222.192] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xmWl.csv.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xmWl.csv.lnk", lpFilePart=0x0) returned 0x48 [0222.192] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0222.192] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xmWl.csv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\xmwl.csv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.193] GetFileType (hFile=0x2cc) returned 0x1 [0222.193] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0222.193] GetFileType (hFile=0x2cc) returned 0x1 [0222.194] ReadFile (in: hFile=0x2cc, lpBuffer=0x2151e58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2151e58*, lpNumberOfBytesRead=0x15edd8*=0x46f, lpOverlapped=0x0) returned 1 [0222.194] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0222.194] WriteFile (in: hFile=0x2cc, lpBuffer=0x2151e58*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2151e58*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0222.195] CloseHandle (hObject=0x2cc) returned 1 [0222.195] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xmWl.csv.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xmWl.csv.lnk", lpFilePart=0x0) returned 0x48 [0222.195] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xmWl.csv.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xmWl.csv.lnk.rtcrypted", lpFilePart=0x0) returned 0x52 [0222.195] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0222.195] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xmWl.csv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\xmwl.csv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe02e3e8c, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x18d14f2e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18d14f2e, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x46f)) returned 1 [0222.196] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0222.196] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xmWl.csv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\xmwl.csv.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xmWl.csv.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\xmwl.csv.lnk.rtcrypted")) returned 1 [0222.198] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0222.198] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0222.199] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.199] GetFileType (hFile=0x2cc) returned 0x1 [0222.199] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0222.199] GetFileType (hFile=0x2cc) returned 0x1 [0222.199] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x3902 [0222.200] WriteFile (in: hFile=0x2cc, lpBuffer=0x21547a8*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21547a8*, lpNumberOfBytesWritten=0x15ecc8*=0x49, lpOverlapped=0x0) returned 1 [0222.200] CloseHandle (hObject=0x2cc) returned 1 [0222.201] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0222.202] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xr4V9WaT5ttMZmeN.flv.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xr4V9WaT5ttMZmeN.flv.lnk", lpFilePart=0x0) returned 0x54 [0222.202] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0222.202] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xr4V9WaT5ttMZmeN.flv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\xr4v9wat5ttmzmen.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.203] GetFileType (hFile=0x2cc) returned 0x1 [0222.203] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0222.203] GetFileType (hFile=0x2cc) returned 0x1 [0222.204] ReadFile (in: hFile=0x2cc, lpBuffer=0x2155d80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2155d80*, lpNumberOfBytesRead=0x15edd8*=0x447, lpOverlapped=0x0) returned 1 [0222.204] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0222.204] WriteFile (in: hFile=0x2cc, lpBuffer=0x2155d80*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2155d80*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0222.205] CloseHandle (hObject=0x2cc) returned 1 [0222.207] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xr4V9WaT5ttMZmeN.flv.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xr4V9WaT5ttMZmeN.flv.lnk", lpFilePart=0x0) returned 0x54 [0222.208] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xr4V9WaT5ttMZmeN.flv.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xr4V9WaT5ttMZmeN.flv.lnk.rtcrypted", lpFilePart=0x0) returned 0x5e [0222.208] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0222.208] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xr4V9WaT5ttMZmeN.flv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\xr4v9wat5ttmzmen.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70074c, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x18d3a8b6, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18d3a8b6, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x447)) returned 1 [0222.208] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0222.208] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xr4V9WaT5ttMZmeN.flv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\xr4v9wat5ttmzmen.flv.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xr4V9WaT5ttMZmeN.flv.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\xr4v9wat5ttmzmen.flv.lnk.rtcrypted")) returned 1 [0222.210] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0222.210] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0222.210] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.211] GetFileType (hFile=0x2cc) returned 0x1 [0222.211] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0222.211] GetFileType (hFile=0x2cc) returned 0x1 [0222.211] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x394b [0222.212] WriteFile (in: hFile=0x2cc, lpBuffer=0x2158730*, nNumberOfBytesToWrite=0x55, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2158730*, lpNumberOfBytesWritten=0x15ecc8*=0x55, lpOverlapped=0x0) returned 1 [0222.212] CloseHandle (hObject=0x2cc) returned 1 [0222.214] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0222.215] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xRlhM7BkA6.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xRlhM7BkA6.lnk", lpFilePart=0x0) returned 0x4a [0222.215] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0222.215] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xRlhM7BkA6.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\xrlhm7bka6.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.216] GetFileType (hFile=0x2cc) returned 0x1 [0222.216] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0222.216] GetFileType (hFile=0x2cc) returned 0x1 [0222.216] ReadFile (in: hFile=0x2cc, lpBuffer=0x2159cc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2159cc0*, lpNumberOfBytesRead=0x15edd8*=0x3ec, lpOverlapped=0x0) returned 1 [0222.216] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0222.217] WriteFile (in: hFile=0x2cc, lpBuffer=0x2159cc0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2159cc0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0222.217] CloseHandle (hObject=0x2cc) returned 1 [0222.218] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xRlhM7BkA6.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xRlhM7BkA6.lnk", lpFilePart=0x0) returned 0x4a [0222.218] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xRlhM7BkA6.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xRlhM7BkA6.lnk.rtcrypted", lpFilePart=0x0) returned 0x54 [0222.218] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0222.218] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xRlhM7BkA6.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\xrlhm7bka6.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9066965, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x18d60d19, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18d60d19, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3ec)) returned 1 [0222.218] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0222.219] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xRlhM7BkA6.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\xrlhm7bka6.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xRlhM7BkA6.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\xrlhm7bka6.lnk.rtcrypted")) returned 1 [0222.220] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0222.220] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0222.221] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.221] GetFileType (hFile=0x2cc) returned 0x1 [0222.221] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0222.221] GetFileType (hFile=0x2cc) returned 0x1 [0222.221] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x39a0 [0222.222] WriteFile (in: hFile=0x2cc, lpBuffer=0x215c638*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x215c638*, lpNumberOfBytesWritten=0x15ecc8*=0x4b, lpOverlapped=0x0) returned 1 [0222.222] CloseHandle (hObject=0x2cc) returned 1 [0222.223] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0222.224] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xvc2R9.flv.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xvc2R9.flv.lnk", lpFilePart=0x0) returned 0x4a [0222.224] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0222.224] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xvc2R9.flv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\xvc2r9.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.224] GetFileType (hFile=0x2cc) returned 0x1 [0222.224] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0222.225] GetFileType (hFile=0x2cc) returned 0x1 [0222.225] ReadFile (in: hFile=0x2cc, lpBuffer=0x215dbc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x215dbc8*, lpNumberOfBytesRead=0x15edd8*=0x2e9, lpOverlapped=0x0) returned 1 [0222.225] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0222.225] WriteFile (in: hFile=0x2cc, lpBuffer=0x215dbc8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x215dbc8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0222.225] CloseHandle (hObject=0x2cc) returned 1 [0222.226] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xvc2R9.flv.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xvc2R9.flv.lnk", lpFilePart=0x0) returned 0x4a [0222.226] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xvc2R9.flv.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xvc2R9.flv.lnk.rtcrypted", lpFilePart=0x0) returned 0x54 [0222.227] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0222.227] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xvc2R9.flv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\xvc2r9.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc1f995c, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x18d60d19, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18d60d19, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x2e9)) returned 1 [0222.227] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0222.227] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xvc2R9.flv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\xvc2r9.flv.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xvc2R9.flv.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\xvc2r9.flv.lnk.rtcrypted")) returned 1 [0222.229] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0222.229] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0222.229] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.230] GetFileType (hFile=0x2cc) returned 0x1 [0222.230] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0222.230] GetFileType (hFile=0x2cc) returned 0x1 [0222.230] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x39eb [0222.230] WriteFile (in: hFile=0x2cc, lpBuffer=0x2160540*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2160540*, lpNumberOfBytesWritten=0x15ecc8*=0x4b, lpOverlapped=0x0) returned 1 [0222.230] CloseHandle (hObject=0x2cc) returned 1 [0222.231] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0222.232] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YkjIrU5f.pps.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YkjIrU5f.pps.lnk", lpFilePart=0x0) returned 0x4c [0222.232] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0222.232] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YkjIrU5f.pps.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ykjiru5f.pps.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.232] GetFileType (hFile=0x2cc) returned 0x1 [0222.232] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0222.232] GetFileType (hFile=0x2cc) returned 0x1 [0222.232] ReadFile (in: hFile=0x2cc, lpBuffer=0x2161ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2161ae0*, lpNumberOfBytesRead=0x15edd8*=0x2f5, lpOverlapped=0x0) returned 1 [0222.233] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0222.233] WriteFile (in: hFile=0x2cc, lpBuffer=0x2161ae0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2161ae0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0222.233] CloseHandle (hObject=0x2cc) returned 1 [0222.233] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YkjIrU5f.pps.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YkjIrU5f.pps.lnk", lpFilePart=0x0) returned 0x4c [0222.233] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YkjIrU5f.pps.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YkjIrU5f.pps.lnk.rtcrypted", lpFilePart=0x0) returned 0x56 [0222.234] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0222.234] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YkjIrU5f.pps.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ykjiru5f.pps.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa5dbbd1, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x18d86a6b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18d86a6b, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x2f5)) returned 1 [0222.234] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0222.234] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YkjIrU5f.pps.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ykjiru5f.pps.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YkjIrU5f.pps.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\ykjiru5f.pps.lnk.rtcrypted")) returned 1 [0222.236] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0222.236] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0222.236] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.236] GetFileType (hFile=0x2cc) returned 0x1 [0222.236] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0222.237] GetFileType (hFile=0x2cc) returned 0x1 [0222.237] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x3a36 [0222.237] WriteFile (in: hFile=0x2cc, lpBuffer=0x2164468*, nNumberOfBytesToWrite=0x4d, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2164468*, lpNumberOfBytesWritten=0x15ecc8*=0x4d, lpOverlapped=0x0) returned 1 [0222.237] CloseHandle (hObject=0x2cc) returned 1 [0222.239] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0222.239] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Yme_Rm4L2kuXKjrR V.odp.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Yme_Rm4L2kuXKjrR V.odp.lnk", lpFilePart=0x0) returned 0x56 [0222.239] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0222.240] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Yme_Rm4L2kuXKjrR V.odp.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\yme_rm4l2kuxkjrr v.odp.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.240] GetFileType (hFile=0x2cc) returned 0x1 [0222.240] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0222.240] GetFileType (hFile=0x2cc) returned 0x1 [0222.240] ReadFile (in: hFile=0x2cc, lpBuffer=0x2165a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2165a28*, lpNumberOfBytesRead=0x15edd8*=0x3fa, lpOverlapped=0x0) returned 1 [0222.240] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0222.241] WriteFile (in: hFile=0x2cc, lpBuffer=0x2165a28*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2165a28*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0222.241] CloseHandle (hObject=0x2cc) returned 1 [0222.241] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Yme_Rm4L2kuXKjrR V.odp.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Yme_Rm4L2kuXKjrR V.odp.lnk", lpFilePart=0x0) returned 0x56 [0222.241] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Yme_Rm4L2kuXKjrR V.odp.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Yme_Rm4L2kuXKjrR V.odp.lnk.rtcrypted", lpFilePart=0x0) returned 0x60 [0222.242] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0222.242] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Yme_Rm4L2kuXKjrR V.odp.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\yme_rm4l2kuxkjrr v.odp.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb208033, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x18d86a6b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18d86a6b, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3fa)) returned 1 [0222.242] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0222.242] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Yme_Rm4L2kuXKjrR V.odp.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\yme_rm4l2kuxkjrr v.odp.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Yme_Rm4L2kuXKjrR V.odp.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\yme_rm4l2kuxkjrr v.odp.lnk.rtcrypted")) returned 1 [0222.244] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0222.245] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0222.245] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.245] GetFileType (hFile=0x2cc) returned 0x1 [0222.246] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0222.246] GetFileType (hFile=0x2cc) returned 0x1 [0222.246] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x3a83 [0222.246] WriteFile (in: hFile=0x2cc, lpBuffer=0x2168400*, nNumberOfBytesToWrite=0x57, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2168400*, lpNumberOfBytesWritten=0x15ecc8*=0x57, lpOverlapped=0x0) returned 1 [0222.247] CloseHandle (hObject=0x2cc) returned 1 [0222.248] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0222.248] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zCcWRD8QwPIFlQ2Uo.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zCcWRD8QwPIFlQ2Uo.lnk", lpFilePart=0x0) returned 0x51 [0222.248] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0222.249] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zCcWRD8QwPIFlQ2Uo.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\zccwrd8qwpiflq2uo.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.249] GetFileType (hFile=0x2cc) returned 0x1 [0222.249] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0222.249] GetFileType (hFile=0x2cc) returned 0x1 [0222.249] ReadFile (in: hFile=0x2cc, lpBuffer=0x21699b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21699b0*, lpNumberOfBytesRead=0x15edd8*=0x46c, lpOverlapped=0x0) returned 1 [0222.250] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0222.250] WriteFile (in: hFile=0x2cc, lpBuffer=0x21699b0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21699b0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0222.250] CloseHandle (hObject=0x2cc) returned 1 [0222.250] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zCcWRD8QwPIFlQ2Uo.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zCcWRD8QwPIFlQ2Uo.lnk", lpFilePart=0x0) returned 0x51 [0222.251] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zCcWRD8QwPIFlQ2Uo.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zCcWRD8QwPIFlQ2Uo.lnk.rtcrypted", lpFilePart=0x0) returned 0x5b [0222.251] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0222.251] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zCcWRD8QwPIFlQ2Uo.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\zccwrd8qwpiflq2uo.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9533829, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x18dad0f2, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18dad0f2, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x46c)) returned 1 [0222.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0222.251] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zCcWRD8QwPIFlQ2Uo.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\zccwrd8qwpiflq2uo.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zCcWRD8QwPIFlQ2Uo.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\zccwrd8qwpiflq2uo.lnk.rtcrypted")) returned 1 [0222.253] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0222.253] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0222.254] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.254] GetFileType (hFile=0x2cc) returned 0x1 [0222.254] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0222.254] GetFileType (hFile=0x2cc) returned 0x1 [0222.254] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x3ada [0222.255] WriteFile (in: hFile=0x2cc, lpBuffer=0x216c358*, nNumberOfBytesToWrite=0x52, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x216c358*, lpNumberOfBytesWritten=0x15ecc8*=0x52, lpOverlapped=0x0) returned 1 [0222.255] CloseHandle (hObject=0x2cc) returned 1 [0222.256] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0222.257] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZRXGsN4Yw6b0TwCVAl.flv.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZRXGsN4Yw6b0TwCVAl.flv.lnk", lpFilePart=0x0) returned 0x56 [0222.257] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0222.257] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZRXGsN4Yw6b0TwCVAl.flv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\zrxgsn4yw6b0twcval.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.257] GetFileType (hFile=0x2cc) returned 0x1 [0222.258] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0222.258] GetFileType (hFile=0x2cc) returned 0x1 [0222.258] ReadFile (in: hFile=0x2cc, lpBuffer=0x216d918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x216d918*, lpNumberOfBytesRead=0x15edd8*=0x451, lpOverlapped=0x0) returned 1 [0222.258] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0222.258] WriteFile (in: hFile=0x2cc, lpBuffer=0x216d918*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x216d918*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0222.259] CloseHandle (hObject=0x2cc) returned 1 [0222.259] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZRXGsN4Yw6b0TwCVAl.flv.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZRXGsN4Yw6b0TwCVAl.flv.lnk", lpFilePart=0x0) returned 0x56 [0222.259] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZRXGsN4Yw6b0TwCVAl.flv.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZRXGsN4Yw6b0TwCVAl.flv.lnk.rtcrypted", lpFilePart=0x0) returned 0x60 [0222.259] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0222.262] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZRXGsN4Yw6b0TwCVAl.flv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\zrxgsn4yw6b0twcval.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3eabc09, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x18dad0f2, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18dad0f2, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x451)) returned 1 [0222.262] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0222.263] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZRXGsN4Yw6b0TwCVAl.flv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\zrxgsn4yw6b0twcval.flv.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZRXGsN4Yw6b0TwCVAl.flv.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\zrxgsn4yw6b0twcval.flv.lnk.rtcrypted")) returned 1 [0222.264] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0222.264] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0222.265] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.265] GetFileType (hFile=0x2cc) returned 0x1 [0222.265] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0222.265] GetFileType (hFile=0x2cc) returned 0x1 [0222.265] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x3b2c [0222.266] WriteFile (in: hFile=0x2cc, lpBuffer=0x21702f0*, nNumberOfBytesToWrite=0x57, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21702f0*, lpNumberOfBytesWritten=0x15ecc8*=0x57, lpOverlapped=0x0) returned 1 [0222.266] CloseHandle (hObject=0x2cc) returned 1 [0222.267] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0222.268] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZzS4.flv.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZzS4.flv.lnk", lpFilePart=0x0) returned 0x48 [0222.268] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0222.268] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZzS4.flv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\zzs4.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.268] GetFileType (hFile=0x2cc) returned 0x1 [0222.268] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0222.269] GetFileType (hFile=0x2cc) returned 0x1 [0222.269] ReadFile (in: hFile=0x2cc, lpBuffer=0x2171880, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2171880*, lpNumberOfBytesRead=0x15edd8*=0x399, lpOverlapped=0x0) returned 1 [0222.269] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0222.269] WriteFile (in: hFile=0x2cc, lpBuffer=0x2171880*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2171880*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0222.270] CloseHandle (hObject=0x2cc) returned 1 [0222.270] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZzS4.flv.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZzS4.flv.lnk", lpFilePart=0x0) returned 0x48 [0222.270] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZzS4.flv.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZzS4.flv.lnk.rtcrypted", lpFilePart=0x0) returned 0x52 [0222.270] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0222.270] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZzS4.flv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\zzs4.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4da3094, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x18dd35a0, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18dd35a0, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x399)) returned 1 [0222.271] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0222.271] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZzS4.flv.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\zzs4.flv.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZzS4.flv.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\zzs4.flv.lnk.rtcrypted")) returned 1 [0222.273] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0222.273] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0222.273] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.274] GetFileType (hFile=0x2cc) returned 0x1 [0222.274] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0222.274] GetFileType (hFile=0x2cc) returned 0x1 [0222.274] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x3b83 [0222.275] WriteFile (in: hFile=0x2cc, lpBuffer=0x21741e8*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21741e8*, lpNumberOfBytesWritten=0x15ecc8*=0x49, lpOverlapped=0x0) returned 1 [0222.275] CloseHandle (hObject=0x2cc) returned 1 [0222.277] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0222.277] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\__elk.ppt.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\__elk.ppt.lnk", lpFilePart=0x0) returned 0x49 [0222.277] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0222.278] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\__elk.ppt.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\__elk.ppt.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.278] GetFileType (hFile=0x2cc) returned 0x1 [0222.278] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0222.278] GetFileType (hFile=0x2cc) returned 0x1 [0222.278] ReadFile (in: hFile=0x2cc, lpBuffer=0x2175778, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2175778*, lpNumberOfBytesRead=0x15edd8*=0x3cf, lpOverlapped=0x0) returned 1 [0222.279] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0222.279] WriteFile (in: hFile=0x2cc, lpBuffer=0x2175778*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2175778*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0222.279] CloseHandle (hObject=0x2cc) returned 1 [0222.280] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\__elk.ppt.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\__elk.ppt.lnk", lpFilePart=0x0) returned 0x49 [0222.280] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\__elk.ppt.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\__elk.ppt.lnk.rtcrypted", lpFilePart=0x0) returned 0x53 [0222.280] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0222.280] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\__elk.ppt.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\__elk.ppt.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1506ecb, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x18df9296, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18df9296, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3cf)) returned 1 [0222.280] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0222.280] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\__elk.ppt.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\__elk.ppt.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\__elk.ppt.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\__elk.ppt.lnk.rtcrypted")) returned 1 [0222.282] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0222.282] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0222.282] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.282] GetFileType (hFile=0x2cc) returned 0x1 [0222.283] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0222.283] GetFileType (hFile=0x2cc) returned 0x1 [0222.283] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x3bcc [0222.284] WriteFile (in: hFile=0x2cc, lpBuffer=0x21780e0*, nNumberOfBytesToWrite=0x4a, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21780e0*, lpNumberOfBytesWritten=0x15ecc8*=0x4a, lpOverlapped=0x0) returned 1 [0222.284] CloseHandle (hObject=0x2cc) returned 1 [0222.285] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0222.285] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Bluetooth File Transfer.LNK", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Bluetooth File Transfer.LNK", lpFilePart=0x0) returned 0x57 [0222.285] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0222.286] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Bluetooth File Transfer.LNK" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\sendto\\bluetooth file transfer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.288] GetFileType (hFile=0x2cc) returned 0x1 [0222.288] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0222.288] GetFileType (hFile=0x2cc) returned 0x1 [0222.288] ReadFile (in: hFile=0x2cc, lpBuffer=0x21796a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21796a0*, lpNumberOfBytesRead=0x15edd8*=0x41b, lpOverlapped=0x0) returned 1 [0222.292] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0222.293] WriteFile (in: hFile=0x2cc, lpBuffer=0x21796a0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21796a0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0222.293] CloseHandle (hObject=0x2cc) returned 1 [0222.293] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Bluetooth File Transfer.LNK", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Bluetooth File Transfer.LNK", lpFilePart=0x0) returned 0x57 [0222.294] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Bluetooth File Transfer.LNK.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Bluetooth File Transfer.LNK.rtcrypted", lpFilePart=0x0) returned 0x61 [0222.294] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0222.294] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Bluetooth File Transfer.LNK" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\sendto\\bluetooth file transfer.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdc42a089, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0x18e1f5d8, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18e1f5d8, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x41b)) returned 1 [0222.294] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0222.294] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Bluetooth File Transfer.LNK" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\sendto\\bluetooth file transfer.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Bluetooth File Transfer.LNK.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\sendto\\bluetooth file transfer.lnk.rtcrypted")) returned 1 [0222.296] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0222.296] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0222.296] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.297] GetFileType (hFile=0x2cc) returned 0x1 [0222.297] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0222.297] GetFileType (hFile=0x2cc) returned 0x1 [0222.297] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x3c16 [0222.298] WriteFile (in: hFile=0x2cc, lpBuffer=0x217c080*, nNumberOfBytesToWrite=0x58, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x217c080*, lpNumberOfBytesWritten=0x15ecc8*=0x58, lpOverlapped=0x0) returned 1 [0222.298] CloseHandle (hObject=0x2cc) returned 1 [0222.299] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0222.300] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk", lpFilePart=0x0) returned 0x4d [0222.300] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0222.300] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.300] GetFileType (hFile=0x2cc) returned 0x1 [0222.301] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0222.301] GetFileType (hFile=0x2cc) returned 0x1 [0222.301] ReadFile (in: hFile=0x2cc, lpBuffer=0x217d620, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x217d620*, lpNumberOfBytesRead=0x15edd8*=0xa13, lpOverlapped=0x0) returned 1 [0222.307] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0222.307] WriteFile (in: hFile=0x2cc, lpBuffer=0x217d620*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x217d620*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0222.308] CloseHandle (hObject=0x2cc) returned 1 [0222.308] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk", lpFilePart=0x0) returned 0x4d [0222.308] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk.rtcrypted", lpFilePart=0x0) returned 0x57 [0222.308] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0222.308] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32c3bd26, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x18e45901, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18e45901, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0xa13)) returned 1 [0222.308] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0222.309] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk.rtcrypted")) returned 1 [0222.310] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0222.310] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0222.311] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.311] GetFileType (hFile=0x2cc) returned 0x1 [0222.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0222.311] GetFileType (hFile=0x2cc) returned 0x1 [0222.311] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x3c6e [0222.312] WriteFile (in: hFile=0x2cc, lpBuffer=0x217ffa8*, nNumberOfBytesToWrite=0x4e, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x217ffa8*, lpNumberOfBytesWritten=0x15ecc8*=0x4e, lpOverlapped=0x0) returned 1 [0222.312] CloseHandle (hObject=0x2cc) returned 1 [0222.313] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0222.314] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Magnify.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Magnify.lnk", lpFilePart=0x0) returned 0x62 [0222.314] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0222.314] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Magnify.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\magnify.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.315] GetFileType (hFile=0x2cc) returned 0x1 [0222.315] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0222.315] GetFileType (hFile=0x2cc) returned 0x1 [0222.315] ReadFile (in: hFile=0x2cc, lpBuffer=0x2181560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2181560*, lpNumberOfBytesRead=0x15edd8*=0x452, lpOverlapped=0x0) returned 1 [0222.319] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0222.319] WriteFile (in: hFile=0x2cc, lpBuffer=0x2181560*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2181560*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0222.319] CloseHandle (hObject=0x2cc) returned 1 [0222.320] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Magnify.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Magnify.lnk", lpFilePart=0x0) returned 0x62 [0222.320] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Magnify.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Magnify.lnk.rtcrypted", lpFilePart=0x0) returned 0x6c [0222.320] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0222.321] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Magnify.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\magnify.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32ba34df, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x18e45901, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18e45901, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x452)) returned 1 [0222.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0222.321] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Magnify.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\magnify.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Magnify.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\magnify.lnk.rtcrypted")) returned 1 [0222.323] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0222.323] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0222.324] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.324] GetFileType (hFile=0x2cc) returned 0x1 [0222.324] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0222.324] GetFileType (hFile=0x2cc) returned 0x1 [0222.324] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x3cbc [0222.325] WriteFile (in: hFile=0x2cc, lpBuffer=0x2183f98*, nNumberOfBytesToWrite=0x63, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2183f98*, lpNumberOfBytesWritten=0x15ecc8*=0x63, lpOverlapped=0x0) returned 1 [0222.325] CloseHandle (hObject=0x2cc) returned 1 [0222.326] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0222.327] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Narrator.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Narrator.lnk", lpFilePart=0x0) returned 0x63 [0222.327] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0222.327] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Narrator.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\narrator.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.328] GetFileType (hFile=0x2cc) returned 0x1 [0222.328] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0222.328] GetFileType (hFile=0x2cc) returned 0x1 [0222.328] ReadFile (in: hFile=0x2cc, lpBuffer=0x2185558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2185558*, lpNumberOfBytesRead=0x15edd8*=0x454, lpOverlapped=0x0) returned 1 [0222.334] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0222.334] WriteFile (in: hFile=0x2cc, lpBuffer=0x2185558*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2185558*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0222.334] CloseHandle (hObject=0x2cc) returned 1 [0222.334] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Narrator.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Narrator.lnk", lpFilePart=0x0) returned 0x63 [0222.335] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Narrator.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Narrator.lnk.rtcrypted", lpFilePart=0x0) returned 0x6d [0222.335] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0222.335] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Narrator.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\narrator.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b7d06f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x18e6bc7c, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18e6bc7c, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x454)) returned 1 [0222.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0222.335] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Narrator.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\narrator.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Narrator.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\narrator.lnk.rtcrypted")) returned 1 [0222.336] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0222.336] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0222.337] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.337] GetFileType (hFile=0x2cc) returned 0x1 [0222.337] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0222.337] GetFileType (hFile=0x2cc) returned 0x1 [0222.337] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x3d1f [0222.339] WriteFile (in: hFile=0x2cc, lpBuffer=0x2187f98*, nNumberOfBytesToWrite=0x64, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2187f98*, lpNumberOfBytesWritten=0x15ecc8*=0x64, lpOverlapped=0x0) returned 1 [0222.339] CloseHandle (hObject=0x2cc) returned 1 [0222.341] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0222.341] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\On-Screen Keyboard.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\On-Screen Keyboard.lnk", lpFilePart=0x0) returned 0x6d [0222.341] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0222.342] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\On-Screen Keyboard.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\on-screen keyboard.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.342] GetFileType (hFile=0x2cc) returned 0x1 [0222.342] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0222.342] GetFileType (hFile=0x2cc) returned 0x1 [0222.342] ReadFile (in: hFile=0x2cc, lpBuffer=0x2189580, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2189580*, lpNumberOfBytesRead=0x15edd8*=0x452, lpOverlapped=0x0) returned 1 [0222.351] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0222.351] WriteFile (in: hFile=0x2cc, lpBuffer=0x2189580*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2189580*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0222.351] CloseHandle (hObject=0x2cc) returned 1 [0222.353] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\On-Screen Keyboard.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\On-Screen Keyboard.lnk", lpFilePart=0x0) returned 0x6d [0222.353] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\On-Screen Keyboard.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\On-Screen Keyboard.lnk.rtcrypted", lpFilePart=0x0) returned 0x77 [0222.353] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0222.353] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\On-Screen Keyboard.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\on-screen keyboard.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b56f5c, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x18e91d4e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18e91d4e, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x452)) returned 1 [0222.353] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0222.353] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\On-Screen Keyboard.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\on-screen keyboard.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\On-Screen Keyboard.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\on-screen keyboard.lnk.rtcrypted")) returned 1 [0222.358] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0222.358] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0222.359] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.359] GetFileType (hFile=0x2cc) returned 0x1 [0222.359] GetFileType (hFile=0x2cc) returned 0x1 [0222.359] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x3d83 [0222.360] WriteFile (in: hFile=0x2cc, lpBuffer=0x218c008*, nNumberOfBytesToWrite=0x6e, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x218c008*, lpNumberOfBytesWritten=0x15ecc8*=0x6e, lpOverlapped=0x0) returned 1 [0222.360] CloseHandle (hObject=0x2cc) returned 1 [0222.361] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0222.362] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Internet Explorer.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Internet Explorer.lnk", lpFilePart=0x0) returned 0x6a [0222.362] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Internet Explorer.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\internet explorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.363] GetFileType (hFile=0x2cc) returned 0x1 [0222.363] GetFileType (hFile=0x2cc) returned 0x1 [0222.363] ReadFile (in: hFile=0x2cc, lpBuffer=0x218d5e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x218d5e8*, lpNumberOfBytesRead=0x15edd8*=0x53e, lpOverlapped=0x0) returned 1 [0222.365] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0222.365] WriteFile (in: hFile=0x2cc, lpBuffer=0x218d5e8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x218d5e8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0222.366] CloseHandle (hObject=0x2cc) returned 1 [0222.369] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Internet Explorer.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Internet Explorer.lnk", lpFilePart=0x0) returned 0x6a [0222.369] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Internet Explorer.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Internet Explorer.lnk.rtcrypted", lpFilePart=0x0) returned 0x74 [0222.369] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Internet Explorer.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\internet explorer.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e9f2b5a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x18eb7c75, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18eb7c75, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x53e)) returned 1 [0222.370] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Internet Explorer.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\internet explorer.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Internet Explorer.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\internet explorer.lnk.rtcrypted")) returned 1 [0222.375] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0222.375] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.375] GetFileType (hFile=0x2cc) returned 0x1 [0222.375] GetFileType (hFile=0x2cc) returned 0x1 [0222.375] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x3df1 [0222.376] WriteFile (in: hFile=0x2cc, lpBuffer=0x2190060*, nNumberOfBytesToWrite=0x6b, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2190060*, lpNumberOfBytesWritten=0x15ecc8*=0x6b, lpOverlapped=0x0) returned 1 [0222.377] CloseHandle (hObject=0x2cc) returned 1 [0222.377] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0222.378] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Administrative Tools.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Administrative Tools.lnk", lpFilePart=0x0) returned 0x6e [0222.378] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Administrative Tools.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\administrative tools.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.379] GetFileType (hFile=0x2cc) returned 0x1 [0222.379] GetFileType (hFile=0x2cc) returned 0x1 [0222.379] ReadFile (in: hFile=0x2cc, lpBuffer=0x2191650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2191650*, lpNumberOfBytesRead=0x15edd8*=0x501, lpOverlapped=0x0) returned 1 [0222.382] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0222.383] WriteFile (in: hFile=0x2cc, lpBuffer=0x2191650*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2191650*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0222.383] CloseHandle (hObject=0x2cc) returned 1 [0222.383] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Administrative Tools.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Administrative Tools.lnk", lpFilePart=0x0) returned 0x6e [0222.384] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Administrative Tools.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Administrative Tools.lnk.rtcrypted", lpFilePart=0x0) returned 0x78 [0222.384] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Administrative Tools.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\administrative tools.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32a98310, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x18ede1e3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18ede1e3, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x501)) returned 1 [0222.384] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Administrative Tools.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\administrative tools.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Administrative Tools.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\administrative tools.lnk.rtcrypted")) returned 1 [0222.386] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0222.387] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.387] GetFileType (hFile=0x2cc) returned 0x1 [0222.387] GetFileType (hFile=0x2cc) returned 0x1 [0222.387] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x3e5c [0222.388] WriteFile (in: hFile=0x2cc, lpBuffer=0x21940e8*, nNumberOfBytesToWrite=0x6f, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21940e8*, lpNumberOfBytesWritten=0x15ecc8*=0x6f, lpOverlapped=0x0) returned 1 [0222.389] CloseHandle (hObject=0x2cc) returned 1 [0222.390] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0222.390] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk", lpFilePart=0x0) returned 0x68 [0222.390] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\command prompt.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.391] GetFileType (hFile=0x2cc) returned 0x1 [0222.391] GetFileType (hFile=0x2cc) returned 0x1 [0222.391] ReadFile (in: hFile=0x2cc, lpBuffer=0x21956c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21956c0*, lpNumberOfBytesRead=0x15edd8*=0x476, lpOverlapped=0x0) returned 1 [0222.396] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0222.396] WriteFile (in: hFile=0x2cc, lpBuffer=0x21956c0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21956c0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0222.397] CloseHandle (hObject=0x2cc) returned 1 [0222.398] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk", lpFilePart=0x0) returned 0x68 [0222.398] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk.rtcrypted", lpFilePart=0x0) returned 0x72 [0222.399] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\command prompt.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32a71e98, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x18f0437a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18f0437a, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x476)) returned 1 [0222.399] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\command prompt.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\command prompt.lnk.rtcrypted")) returned 1 [0222.424] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0222.425] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.425] GetFileType (hFile=0x2cc) returned 0x1 [0222.425] GetFileType (hFile=0x2cc) returned 0x1 [0222.425] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x3ecb [0222.426] WriteFile (in: hFile=0x2cc, lpBuffer=0x2198128*, nNumberOfBytesToWrite=0x69, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2198128*, lpNumberOfBytesWritten=0x15ecc8*=0x69, lpOverlapped=0x0) returned 1 [0222.427] CloseHandle (hObject=0x2cc) returned 1 [0222.428] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0222.429] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\computer.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\computer.lnk", lpFilePart=0x0) returned 0x62 [0222.429] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\computer.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\computer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.430] GetFileType (hFile=0x2cc) returned 0x1 [0222.430] GetFileType (hFile=0x2cc) returned 0x1 [0222.430] ReadFile (in: hFile=0x2cc, lpBuffer=0x21996e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21996e8*, lpNumberOfBytesRead=0x15edd8*=0x14f, lpOverlapped=0x0) returned 1 [0222.434] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0222.434] WriteFile (in: hFile=0x2cc, lpBuffer=0x21996e8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21996e8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0222.434] CloseHandle (hObject=0x2cc) returned 1 [0222.437] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\computer.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\computer.lnk", lpFilePart=0x0) returned 0x62 [0222.437] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\computer.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\computer.lnk.rtcrypted", lpFilePart=0x0) returned 0x6c [0222.437] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\computer.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\computer.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32a4bdc0, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x18f76d0b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18f76d0b, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x14f)) returned 1 [0222.437] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\computer.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\computer.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\computer.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\computer.lnk.rtcrypted")) returned 1 [0222.443] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0222.444] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.444] GetFileType (hFile=0x2cc) returned 0x1 [0222.444] GetFileType (hFile=0x2cc) returned 0x1 [0222.444] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x3f34 [0222.445] WriteFile (in: hFile=0x2cc, lpBuffer=0x219c120*, nNumberOfBytesToWrite=0x63, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x219c120*, lpNumberOfBytesWritten=0x15ecc8*=0x63, lpOverlapped=0x0) returned 1 [0222.446] CloseHandle (hObject=0x2cc) returned 1 [0222.447] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0222.448] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Control Panel.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Control Panel.lnk", lpFilePart=0x0) returned 0x67 [0222.448] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Control Panel.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\control panel.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.449] GetFileType (hFile=0x2cc) returned 0x1 [0222.449] GetFileType (hFile=0x2cc) returned 0x1 [0222.449] ReadFile (in: hFile=0x2cc, lpBuffer=0x219d6f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x219d6f0*, lpNumberOfBytesRead=0x15edd8*=0x195, lpOverlapped=0x0) returned 1 [0222.452] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0222.452] WriteFile (in: hFile=0x2cc, lpBuffer=0x219d6f0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x219d6f0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0222.452] CloseHandle (hObject=0x2cc) returned 1 [0222.455] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Control Panel.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Control Panel.lnk", lpFilePart=0x0) returned 0x67 [0222.455] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Control Panel.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Control Panel.lnk.rtcrypted", lpFilePart=0x0) returned 0x71 [0222.455] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Control Panel.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\control panel.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32a4bdc0, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x18f9ce49, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18f9ce49, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x195)) returned 1 [0222.455] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Control Panel.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\control panel.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Control Panel.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\control panel.lnk.rtcrypted")) returned 1 [0222.461] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0222.461] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.462] GetFileType (hFile=0x2cc) returned 0x1 [0222.462] GetFileType (hFile=0x2cc) returned 0x1 [0222.462] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x3f97 [0222.464] WriteFile (in: hFile=0x2cc, lpBuffer=0x21a0150*, nNumberOfBytesToWrite=0x68, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21a0150*, lpNumberOfBytesWritten=0x15ecc8*=0x68, lpOverlapped=0x0) returned 1 [0222.464] CloseHandle (hObject=0x2cc) returned 1 [0222.465] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0222.466] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\File Explorer.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\File Explorer.lnk", lpFilePart=0x0) returned 0x67 [0222.466] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\File Explorer.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\file explorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.466] GetFileType (hFile=0x2cc) returned 0x1 [0222.466] GetFileType (hFile=0x2cc) returned 0x1 [0222.467] ReadFile (in: hFile=0x2cc, lpBuffer=0x21a1720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21a1720*, lpNumberOfBytesRead=0x15edd8*=0x197, lpOverlapped=0x0) returned 1 [0222.469] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0222.469] WriteFile (in: hFile=0x2cc, lpBuffer=0x21a1720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21a1720*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0222.469] CloseHandle (hObject=0x2cc) returned 1 [0222.472] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\File Explorer.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\File Explorer.lnk", lpFilePart=0x0) returned 0x67 [0222.472] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\File Explorer.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\File Explorer.lnk.rtcrypted", lpFilePart=0x0) returned 0x71 [0222.473] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\File Explorer.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\file explorer.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3296718f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x18fc302b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18fc302b, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x197)) returned 1 [0222.473] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\File Explorer.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\file explorer.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\File Explorer.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\file explorer.lnk.rtcrypted")) returned 1 [0222.478] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0222.478] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.479] GetFileType (hFile=0x2cc) returned 0x1 [0222.479] GetFileType (hFile=0x2cc) returned 0x1 [0222.480] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x3fff [0222.481] WriteFile (in: hFile=0x2cc, lpBuffer=0x21a4180*, nNumberOfBytesToWrite=0x68, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21a4180*, lpNumberOfBytesWritten=0x15ecc8*=0x68, lpOverlapped=0x0) returned 1 [0222.481] CloseHandle (hObject=0x2cc) returned 1 [0222.482] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0222.482] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Run.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Run.lnk", lpFilePart=0x0) returned 0x5d [0222.483] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Run.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\run.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.483] GetFileType (hFile=0x2cc) returned 0x1 [0222.483] GetFileType (hFile=0x2cc) returned 0x1 [0222.484] ReadFile (in: hFile=0x2cc, lpBuffer=0x21a5728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21a5728*, lpNumberOfBytesRead=0x15edd8*=0x199, lpOverlapped=0x0) returned 1 [0222.486] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0222.486] WriteFile (in: hFile=0x2cc, lpBuffer=0x21a5728*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21a5728*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0222.487] CloseHandle (hObject=0x2cc) returned 1 [0222.489] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Run.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Run.lnk", lpFilePart=0x0) returned 0x5d [0222.489] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Run.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Run.lnk.rtcrypted", lpFilePart=0x0) returned 0x67 [0222.489] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Run.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\run.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3291ab94, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x18fe93fa, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x18fe93fa, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x199)) returned 1 [0222.489] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Run.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\run.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Run.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\run.lnk.rtcrypted")) returned 1 [0222.495] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0222.495] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.496] GetFileType (hFile=0x2cc) returned 0x1 [0222.496] GetFileType (hFile=0x2cc) returned 0x1 [0222.496] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x4067 [0222.497] WriteFile (in: hFile=0x2cc, lpBuffer=0x21a8130*, nNumberOfBytesToWrite=0x5e, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21a8130*, lpNumberOfBytesWritten=0x15ecc8*=0x5e, lpOverlapped=0x0) returned 1 [0222.497] CloseHandle (hObject=0x2cc) returned 1 [0222.498] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0222.499] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell (x86).lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell (x86).lnk", lpFilePart=0x0) returned 0x78 [0222.499] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell (x86).lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\windows powershell\\windows powershell (x86).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.500] GetFileType (hFile=0x2cc) returned 0x1 [0222.500] GetFileType (hFile=0x2cc) returned 0x1 [0222.500] ReadFile (in: hFile=0x2cc, lpBuffer=0x21a9740, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21a9740*, lpNumberOfBytesRead=0x15edd8*=0x9eb, lpOverlapped=0x0) returned 1 [0222.504] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0222.504] WriteFile (in: hFile=0x2cc, lpBuffer=0x21a9740*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21a9740*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0222.504] CloseHandle (hObject=0x2cc) returned 1 [0222.506] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell (x86).lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell (x86).lnk", lpFilePart=0x0) returned 0x78 [0222.506] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell (x86).lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell (x86).lnk.rtcrypted", lpFilePart=0x0) returned 0x82 [0222.506] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell (x86).lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\windows powershell\\windows powershell (x86).lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x328f47f7, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x1900f63a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1900f63a, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x9eb)) returned 1 [0222.507] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell (x86).lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\windows powershell\\windows powershell (x86).lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell (x86).lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\windows powershell\\windows powershell (x86).lnk.rtcrypted")) returned 1 [0222.512] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0222.513] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.513] GetFileType (hFile=0x2cc) returned 0x1 [0222.513] GetFileType (hFile=0x2cc) returned 0x1 [0222.513] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x40c5 [0222.514] WriteFile (in: hFile=0x2cc, lpBuffer=0x21ac228*, nNumberOfBytesToWrite=0x79, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21ac228*, lpNumberOfBytesWritten=0x15ecc8*=0x79, lpOverlapped=0x0) returned 1 [0222.514] CloseHandle (hObject=0x2cc) returned 1 [0222.515] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0222.516] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\windows powershell\\windows powershell.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.581] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell.lnk" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\windows powershell\\windows powershell.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\windows powershell\\windows powershell.lnk.rtcrypted")) returned 1 [0222.586] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.589] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.590] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg"), lpNewFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg.rtcrypted")) returned 1 [0222.592] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.594] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\9AS0zmhI1IuF3gKIE7k.mp4" (normalized: "c:\\users\\oqxzraykm\\desktop\\9as0zmhi1iuf3gkie7k.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.597] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Desktop\\9AS0zmhI1IuF3gKIE7k.mp4" (normalized: "c:\\users\\oqxzraykm\\desktop\\9as0zmhi1iuf3gkie7k.mp4"), lpNewFileName="C:\\Users\\OqXZRaykm\\Desktop\\9AS0zmhI1IuF3gKIE7k.mp4.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\desktop\\9as0zmhi1iuf3gkie7k.mp4.rtcrypted")) returned 1 [0222.600] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.603] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\aejUOooWI.png" (normalized: "c:\\users\\oqxzraykm\\desktop\\aejuooowi.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.607] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Desktop\\aejUOooWI.png" (normalized: "c:\\users\\oqxzraykm\\desktop\\aejuooowi.png"), lpNewFileName="C:\\Users\\OqXZRaykm\\Desktop\\aejUOooWI.png.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\desktop\\aejuooowi.png.rtcrypted")) returned 1 [0222.610] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.612] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\A_VTOyBLcz6NRbG97.xlsx" (normalized: "c:\\users\\oqxzraykm\\desktop\\a_vtoyblcz6nrbg97.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.616] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Desktop\\A_VTOyBLcz6NRbG97.xlsx" (normalized: "c:\\users\\oqxzraykm\\desktop\\a_vtoyblcz6nrbg97.xlsx"), lpNewFileName="C:\\Users\\OqXZRaykm\\Desktop\\A_VTOyBLcz6NRbG97.xlsx.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\desktop\\a_vtoyblcz6nrbg97.xlsx.rtcrypted")) returned 1 [0222.629] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.632] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\CPtLqFgr7.odt" (normalized: "c:\\users\\oqxzraykm\\desktop\\cptlqfgr7.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.636] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Desktop\\CPtLqFgr7.odt" (normalized: "c:\\users\\oqxzraykm\\desktop\\cptlqfgr7.odt"), lpNewFileName="C:\\Users\\OqXZRaykm\\Desktop\\CPtLqFgr7.odt.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\desktop\\cptlqfgr7.odt.rtcrypted")) returned 1 [0222.639] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.642] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\eM1JFyu4JyX_V Ar.doc" (normalized: "c:\\users\\oqxzraykm\\desktop\\em1jfyu4jyx_v ar.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.645] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Desktop\\eM1JFyu4JyX_V Ar.doc" (normalized: "c:\\users\\oqxzraykm\\desktop\\em1jfyu4jyx_v ar.doc"), lpNewFileName="C:\\Users\\OqXZRaykm\\Desktop\\eM1JFyu4JyX_V Ar.doc.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\desktop\\em1jfyu4jyx_v ar.doc.rtcrypted")) returned 1 [0222.648] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.651] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\JXeScA2ioPeBdV4Lv_Z.png" (normalized: "c:\\users\\oqxzraykm\\desktop\\jxesca2iopebdv4lv_z.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.655] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Desktop\\JXeScA2ioPeBdV4Lv_Z.png" (normalized: "c:\\users\\oqxzraykm\\desktop\\jxesca2iopebdv4lv_z.png"), lpNewFileName="C:\\Users\\OqXZRaykm\\Desktop\\JXeScA2ioPeBdV4Lv_Z.png.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\desktop\\jxesca2iopebdv4lv_z.png.rtcrypted")) returned 1 [0222.658] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.660] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\kJxyHJTcJmHZA00.mp4" (normalized: "c:\\users\\oqxzraykm\\desktop\\kjxyhjtcjmhza00.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.663] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Desktop\\kJxyHJTcJmHZA00.mp4" (normalized: "c:\\users\\oqxzraykm\\desktop\\kjxyhjtcjmhza00.mp4"), lpNewFileName="C:\\Users\\OqXZRaykm\\Desktop\\kJxyHJTcJmHZA00.mp4.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\desktop\\kjxyhjtcjmhza00.mp4.rtcrypted")) returned 1 [0222.667] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.669] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\N8uzo0.png" (normalized: "c:\\users\\oqxzraykm\\desktop\\n8uzo0.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.672] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Desktop\\N8uzo0.png" (normalized: "c:\\users\\oqxzraykm\\desktop\\n8uzo0.png"), lpNewFileName="C:\\Users\\OqXZRaykm\\Desktop\\N8uzo0.png.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\desktop\\n8uzo0.png.rtcrypted")) returned 1 [0222.676] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.677] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\ogw4Mz9WHOq.png" (normalized: "c:\\users\\oqxzraykm\\desktop\\ogw4mz9whoq.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.681] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Desktop\\ogw4Mz9WHOq.png" (normalized: "c:\\users\\oqxzraykm\\desktop\\ogw4mz9whoq.png"), lpNewFileName="C:\\Users\\OqXZRaykm\\Desktop\\ogw4Mz9WHOq.png.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\desktop\\ogw4mz9whoq.png.rtcrypted")) returned 1 [0222.684] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.686] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\oxKt_.mp4" (normalized: "c:\\users\\oqxzraykm\\desktop\\oxkt_.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.690] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Desktop\\oxKt_.mp4" (normalized: "c:\\users\\oqxzraykm\\desktop\\oxkt_.mp4"), lpNewFileName="C:\\Users\\OqXZRaykm\\Desktop\\oxKt_.mp4.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\desktop\\oxkt_.mp4.rtcrypted")) returned 1 [0222.693] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.696] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Q4iEH-Vhpy0WGy2.mp3" (normalized: "c:\\users\\oqxzraykm\\desktop\\q4ieh-vhpy0wgy2.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.701] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Desktop\\Q4iEH-Vhpy0WGy2.mp3" (normalized: "c:\\users\\oqxzraykm\\desktop\\q4ieh-vhpy0wgy2.mp3"), lpNewFileName="C:\\Users\\OqXZRaykm\\Desktop\\Q4iEH-Vhpy0WGy2.mp3.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\desktop\\q4ieh-vhpy0wgy2.mp3.rtcrypted")) returned 1 [0222.703] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.705] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\rkO e6gc.mp4" (normalized: "c:\\users\\oqxzraykm\\desktop\\rko e6gc.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.709] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Desktop\\rkO e6gc.mp4" (normalized: "c:\\users\\oqxzraykm\\desktop\\rko e6gc.mp4"), lpNewFileName="C:\\Users\\OqXZRaykm\\Desktop\\rkO e6gc.mp4.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\desktop\\rko e6gc.mp4.rtcrypted")) returned 1 [0222.712] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.715] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\s3mDZhojg.bmp" (normalized: "c:\\users\\oqxzraykm\\desktop\\s3mdzhojg.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.719] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Desktop\\s3mDZhojg.bmp" (normalized: "c:\\users\\oqxzraykm\\desktop\\s3mdzhojg.bmp"), lpNewFileName="C:\\Users\\OqXZRaykm\\Desktop\\s3mDZhojg.bmp.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\desktop\\s3mdzhojg.bmp.rtcrypted")) returned 1 [0222.722] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.724] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\sg MXaT5p_6OuAzIkQ9b.odt" (normalized: "c:\\users\\oqxzraykm\\desktop\\sg mxat5p_6ouazikq9b.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.730] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Desktop\\sg MXaT5p_6OuAzIkQ9b.odt" (normalized: "c:\\users\\oqxzraykm\\desktop\\sg mxat5p_6ouazikq9b.odt"), lpNewFileName="C:\\Users\\OqXZRaykm\\Desktop\\sg MXaT5p_6OuAzIkQ9b.odt.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\desktop\\sg mxat5p_6ouazikq9b.odt.rtcrypted")) returned 1 [0222.733] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.735] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\w7V8A-uHWT3m-XUwfg56.bmp" (normalized: "c:\\users\\oqxzraykm\\desktop\\w7v8a-uhwt3m-xuwfg56.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.739] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Desktop\\w7V8A-uHWT3m-XUwfg56.bmp" (normalized: "c:\\users\\oqxzraykm\\desktop\\w7v8a-uhwt3m-xuwfg56.bmp"), lpNewFileName="C:\\Users\\OqXZRaykm\\Desktop\\w7V8A-uHWT3m-XUwfg56.bmp.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\desktop\\w7v8a-uhwt3m-xuwfg56.bmp.rtcrypted")) returned 1 [0222.743] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.746] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\wnd4e.ppt" (normalized: "c:\\users\\oqxzraykm\\desktop\\wnd4e.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.750] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Desktop\\wnd4e.ppt" (normalized: "c:\\users\\oqxzraykm\\desktop\\wnd4e.ppt"), lpNewFileName="C:\\Users\\OqXZRaykm\\Desktop\\wnd4e.ppt.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\desktop\\wnd4e.ppt.rtcrypted")) returned 1 [0222.753] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.755] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\-kzqFR.mp3" (normalized: "c:\\users\\oqxzraykm\\desktop\\-mukc\\-kzqfr.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.758] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\-kzqFR.mp3" (normalized: "c:\\users\\oqxzraykm\\desktop\\-mukc\\-kzqfr.mp3"), lpNewFileName="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\-kzqFR.mp3.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\desktop\\-mukc\\-kzqfr.mp3.rtcrypted")) returned 1 [0222.763] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\3um74xQY2dRtB2 VeQ.jpg" (normalized: "c:\\users\\oqxzraykm\\desktop\\-mukc\\3um74xqy2drtb2 veq.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.766] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\3um74xQY2dRtB2 VeQ.jpg" (normalized: "c:\\users\\oqxzraykm\\desktop\\-mukc\\3um74xqy2drtb2 veq.jpg"), lpNewFileName="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\3um74xQY2dRtB2 VeQ.jpg.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\desktop\\-mukc\\3um74xqy2drtb2 veq.jpg.rtcrypted")) returned 1 [0222.770] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.772] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\eTG7NzXPZhX.jpg" (normalized: "c:\\users\\oqxzraykm\\desktop\\-mukc\\etg7nzxpzhx.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.823] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\eTG7NzXPZhX.jpg" (normalized: "c:\\users\\oqxzraykm\\desktop\\-mukc\\etg7nzxpzhx.jpg"), lpNewFileName="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\eTG7NzXPZhX.jpg.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\desktop\\-mukc\\etg7nzxpzhx.jpg.rtcrypted")) returned 1 [0222.916] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.924] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\gx-lni4aupUfI o.mp3" (normalized: "c:\\users\\oqxzraykm\\desktop\\-mukc\\gx-lni4aupufi o.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.944] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\gx-lni4aupUfI o.mp3" (normalized: "c:\\users\\oqxzraykm\\desktop\\-mukc\\gx-lni4aupufi o.mp3"), lpNewFileName="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\gx-lni4aupUfI o.mp3.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\desktop\\-mukc\\gx-lni4aupufi o.mp3.rtcrypted")) returned 1 [0222.947] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.949] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\prv-43xC-PpR5k.ppt" (normalized: "c:\\users\\oqxzraykm\\desktop\\-mukc\\prv-43xc-ppr5k.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.971] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\prv-43xC-PpR5k.ppt" (normalized: "c:\\users\\oqxzraykm\\desktop\\-mukc\\prv-43xc-ppr5k.ppt"), lpNewFileName="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\prv-43xC-PpR5k.ppt.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\desktop\\-mukc\\prv-43xc-ppr5k.ppt.rtcrypted")) returned 1 [0222.975] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0222.978] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\rd6vVBpCT6eLzirYJclG.mp3" (normalized: "c:\\users\\oqxzraykm\\desktop\\-mukc\\rd6vvbpct6elziryjclg.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0222.983] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\rd6vVBpCT6eLzirYJclG.mp3" (normalized: "c:\\users\\oqxzraykm\\desktop\\-mukc\\rd6vvbpct6elziryjclg.mp3"), lpNewFileName="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\rd6vVBpCT6eLzirYJclG.mp3.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\desktop\\-mukc\\rd6vvbpct6elziryjclg.mp3.rtcrypted")) returned 1 [0223.003] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.006] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\wsjB3_tj0w.jpg" (normalized: "c:\\users\\oqxzraykm\\desktop\\-mukc\\wsjb3_tj0w.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.010] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\wsjB3_tj0w.jpg" (normalized: "c:\\users\\oqxzraykm\\desktop\\-mukc\\wsjb3_tj0w.jpg"), lpNewFileName="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\wsjB3_tj0w.jpg.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\desktop\\-mukc\\wsjb3_tj0w.jpg.rtcrypted")) returned 1 [0223.019] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.021] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\amGLU92hTOyVS.pptx" (normalized: "c:\\users\\oqxzraykm\\documents\\amglu92htoyvs.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.023] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\amGLU92hTOyVS.pptx" (normalized: "c:\\users\\oqxzraykm\\documents\\amglu92htoyvs.pptx"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\amGLU92hTOyVS.pptx.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\amglu92htoyvs.pptx.rtcrypted")) returned 1 [0223.025] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.027] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\aqmU9TUpYSVIUMRXMae4.docx" (normalized: "c:\\users\\oqxzraykm\\documents\\aqmu9tupysviumrxmae4.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.030] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\aqmU9TUpYSVIUMRXMae4.docx" (normalized: "c:\\users\\oqxzraykm\\documents\\aqmu9tupysviumrxmae4.docx"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\aqmU9TUpYSVIUMRXMae4.docx.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\aqmu9tupysviumrxmae4.docx.rtcrypted")) returned 1 [0223.031] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.040] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\b GzxP7sA1S-0PBuwA.xlsx" (normalized: "c:\\users\\oqxzraykm\\documents\\b gzxp7sa1s-0pbuwa.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.044] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\b GzxP7sA1S-0PBuwA.xlsx" (normalized: "c:\\users\\oqxzraykm\\documents\\b gzxp7sa1s-0pbuwa.xlsx"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\b GzxP7sA1S-0PBuwA.xlsx.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\b gzxp7sa1s-0pbuwa.xlsx.rtcrypted")) returned 1 [0223.046] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.047] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\CIdAi4WoBaReZGuNW3Z.xlsx" (normalized: "c:\\users\\oqxzraykm\\documents\\cidai4wobarezgunw3z.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.076] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\CIdAi4WoBaReZGuNW3Z.xlsx" (normalized: "c:\\users\\oqxzraykm\\documents\\cidai4wobarezgunw3z.xlsx"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\CIdAi4WoBaReZGuNW3Z.xlsx.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\cidai4wobarezgunw3z.xlsx.rtcrypted")) returned 1 [0223.078] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.089] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\e_2t.docx" (normalized: "c:\\users\\oqxzraykm\\documents\\e_2t.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.090] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\e_2t.docx" (normalized: "c:\\users\\oqxzraykm\\documents\\e_2t.docx"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\e_2t.docx.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\e_2t.docx.rtcrypted")) returned 1 [0223.092] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.093] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\GC 5fQQJc4NHBM7mhV.docx" (normalized: "c:\\users\\oqxzraykm\\documents\\gc 5fqqjc4nhbm7mhv.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.104] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\GC 5fQQJc4NHBM7mhV.docx" (normalized: "c:\\users\\oqxzraykm\\documents\\gc 5fqqjc4nhbm7mhv.docx"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\GC 5fQQJc4NHBM7mhV.docx.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\gc 5fqqjc4nhbm7mhv.docx.rtcrypted")) returned 1 [0223.106] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.115] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\GDLIsvWIqGajKiRN9dGO.pptx" (normalized: "c:\\users\\oqxzraykm\\documents\\gdlisvwiqgajkirn9dgo.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.117] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\GDLIsvWIqGajKiRN9dGO.pptx" (normalized: "c:\\users\\oqxzraykm\\documents\\gdlisvwiqgajkirn9dgo.pptx"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\GDLIsvWIqGajKiRN9dGO.pptx.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\gdlisvwiqgajkirn9dgo.pptx.rtcrypted")) returned 1 [0223.118] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.120] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\gmIBz_0QcERv2HE.docx" (normalized: "c:\\users\\oqxzraykm\\documents\\gmibz_0qcerv2he.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.122] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\gmIBz_0QcERv2HE.docx" (normalized: "c:\\users\\oqxzraykm\\documents\\gmibz_0qcerv2he.docx"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\gmIBz_0QcERv2HE.docx.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\gmibz_0qcerv2he.docx.rtcrypted")) returned 1 [0223.123] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.125] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\m62mMrqX1.pptx" (normalized: "c:\\users\\oqxzraykm\\documents\\m62mmrqx1.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.134] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\m62mMrqX1.pptx" (normalized: "c:\\users\\oqxzraykm\\documents\\m62mmrqx1.pptx"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\m62mMrqX1.pptx.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\m62mmrqx1.pptx.rtcrypted")) returned 1 [0223.135] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.138] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\oBVXWpqYBK.pptx" (normalized: "c:\\users\\oqxzraykm\\documents\\obvxwpqybk.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.141] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\oBVXWpqYBK.pptx" (normalized: "c:\\users\\oqxzraykm\\documents\\obvxwpqybk.pptx"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\oBVXWpqYBK.pptx.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\obvxwpqybk.pptx.rtcrypted")) returned 1 [0223.149] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.151] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\P Qbc4C6_8tW2SWaqVE.xlsx" (normalized: "c:\\users\\oqxzraykm\\documents\\p qbc4c6_8tw2swaqve.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.180] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\P Qbc4C6_8tW2SWaqVE.xlsx" (normalized: "c:\\users\\oqxzraykm\\documents\\p qbc4c6_8tw2swaqve.xlsx"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\P Qbc4C6_8tW2SWaqVE.xlsx.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\p qbc4c6_8tw2swaqve.xlsx.rtcrypted")) returned 1 [0223.182] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.184] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\q_HhEd.pptx" (normalized: "c:\\users\\oqxzraykm\\documents\\q_hhed.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.185] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\q_HhEd.pptx" (normalized: "c:\\users\\oqxzraykm\\documents\\q_hhed.pptx"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\q_HhEd.pptx.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\q_hhed.pptx.rtcrypted")) returned 1 [0223.187] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.198] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\smN8Rnib6nLWu.xlsx" (normalized: "c:\\users\\oqxzraykm\\documents\\smn8rnib6nlwu.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.201] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\smN8Rnib6nLWu.xlsx" (normalized: "c:\\users\\oqxzraykm\\documents\\smn8rnib6nlwu.xlsx"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\smN8Rnib6nLWu.xlsx.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\smn8rnib6nlwu.xlsx.rtcrypted")) returned 1 [0223.214] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\tFcCKPod.docx" (normalized: "c:\\users\\oqxzraykm\\documents\\tfcckpod.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.217] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\tFcCKPod.docx" (normalized: "c:\\users\\oqxzraykm\\documents\\tfcckpod.docx"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\tFcCKPod.docx.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\tfcckpod.docx.rtcrypted")) returned 1 [0223.218] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.227] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\tr9U.xlsx" (normalized: "c:\\users\\oqxzraykm\\documents\\tr9u.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.229] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\tr9U.xlsx" (normalized: "c:\\users\\oqxzraykm\\documents\\tr9u.xlsx"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\tr9U.xlsx.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\tr9u.xlsx.rtcrypted")) returned 1 [0223.232] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.235] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\vrypMS0u_xB.docx" (normalized: "c:\\users\\oqxzraykm\\documents\\vrypms0u_xb.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.243] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\vrypMS0u_xB.docx" (normalized: "c:\\users\\oqxzraykm\\documents\\vrypms0u_xb.docx"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\vrypMS0u_xB.docx.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\vrypms0u_xb.docx.rtcrypted")) returned 1 [0223.245] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.247] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\-6JvN5S1cqNGvPDY\\xmWl.csv" (normalized: "c:\\users\\oqxzraykm\\documents\\-6jvn5s1cqngvpdy\\xmwl.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.248] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\-6JvN5S1cqNGvPDY\\xmWl.csv" (normalized: "c:\\users\\oqxzraykm\\documents\\-6jvn5s1cqngvpdy\\xmwl.csv"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\-6JvN5S1cqNGvPDY\\xmWl.csv.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\-6jvn5s1cqngvpdy\\xmwl.csv.rtcrypted")) returned 1 [0223.261] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.264] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\kQnIf5\\Dbg3Ddy9SSgsZKwE.doc" (normalized: "c:\\users\\oqxzraykm\\documents\\kqnif5\\dbg3ddy9ssgszkwe.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.265] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\kQnIf5\\Dbg3Ddy9SSgsZKwE.doc" (normalized: "c:\\users\\oqxzraykm\\documents\\kqnif5\\dbg3ddy9ssgszkwe.doc"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\kQnIf5\\Dbg3Ddy9SSgsZKwE.doc.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\kqnif5\\dbg3ddy9ssgszkwe.doc.rtcrypted")) returned 1 [0223.277] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.279] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\OgZRcboo9\\61De8WLPska01oVom.docx" (normalized: "c:\\users\\oqxzraykm\\documents\\ogzrcboo9\\61de8wlpska01ovom.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.281] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\OgZRcboo9\\61De8WLPska01oVom.docx" (normalized: "c:\\users\\oqxzraykm\\documents\\ogzrcboo9\\61de8wlpska01ovom.docx"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\OgZRcboo9\\61De8WLPska01oVom.docx.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\ogzrcboo9\\61de8wlpska01ovom.docx.rtcrypted")) returned 1 [0223.293] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.303] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0223.303] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\OgZRcboo9\\pUTUVKAK.xlsx" (normalized: "c:\\users\\oqxzraykm\\documents\\ogzrcboo9\\putuvkak.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.304] GetFileType (hFile=0x2cc) returned 0x1 [0223.304] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0223.304] GetFileType (hFile=0x2cc) returned 0x1 [0223.305] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0223.305] WriteFile (in: hFile=0x2cc, lpBuffer=0x2298c00*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2298c00*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0223.306] CloseHandle (hObject=0x2cc) returned 1 [0223.306] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0223.306] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\OgZRcboo9\\pUTUVKAK.xlsx" (normalized: "c:\\users\\oqxzraykm\\documents\\ogzrcboo9\\putuvkak.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x88f51c80, ftCreationTime.dwHighDateTime=0x1d9a9b5, ftLastAccessTime.dwLowDateTime=0x197ba22f, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x197ba22f, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0xca96)) returned 1 [0223.307] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0223.307] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\OgZRcboo9\\pUTUVKAK.xlsx" (normalized: "c:\\users\\oqxzraykm\\documents\\ogzrcboo9\\putuvkak.xlsx"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\OgZRcboo9\\pUTUVKAK.xlsx.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\ogzrcboo9\\putuvkak.xlsx.rtcrypted")) returned 1 [0223.309] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0223.309] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.310] GetFileType (hFile=0x2cc) returned 0x1 [0223.310] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0223.310] GetFileType (hFile=0x2cc) returned 0x1 [0223.310] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x49f8 [0223.311] WriteFile (in: hFile=0x2cc, lpBuffer=0x229b4b0*, nNumberOfBytesToWrite=0x35, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x229b4b0*, lpNumberOfBytesWritten=0x15ecc8*=0x35, lpOverlapped=0x0) returned 1 [0223.311] CloseHandle (hObject=0x2cc) returned 1 [0223.313] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0223.313] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\OgZRcboo9\\tKwoXg9sP.docx" (normalized: "c:\\users\\oqxzraykm\\documents\\ogzrcboo9\\tkwoxg9sp.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.324] GetFileType (hFile=0x2cc) returned 0x1 [0223.324] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0223.324] GetFileType (hFile=0x2cc) returned 0x1 [0223.324] ReadFile (in: hFile=0x2cc, lpBuffer=0x229ca30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x229ca30*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0223.334] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0223.334] WriteFile (in: hFile=0x2cc, lpBuffer=0x229ca30*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x229ca30*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0223.334] CloseHandle (hObject=0x2cc) returned 1 [0223.335] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0223.335] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\OgZRcboo9\\tKwoXg9sP.docx" (normalized: "c:\\users\\oqxzraykm\\documents\\ogzrcboo9\\tkwoxg9sp.docx"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb053fc90, ftCreationTime.dwHighDateTime=0x1d9b1c8, ftLastAccessTime.dwLowDateTime=0x198065de, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x198065de, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x167d8)) returned 1 [0223.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0223.335] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\OgZRcboo9\\tKwoXg9sP.docx" (normalized: "c:\\users\\oqxzraykm\\documents\\ogzrcboo9\\tkwoxg9sp.docx"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\OgZRcboo9\\tKwoXg9sP.docx.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\ogzrcboo9\\tkwoxg9sp.docx.rtcrypted")) returned 1 [0223.337] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0223.337] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.338] GetFileType (hFile=0x2cc) returned 0x1 [0223.338] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0223.338] GetFileType (hFile=0x2cc) returned 0x1 [0223.338] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x4a2d [0223.338] WriteFile (in: hFile=0x2cc, lpBuffer=0x229f2e0*, nNumberOfBytesToWrite=0x36, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x229f2e0*, lpNumberOfBytesWritten=0x15ecc8*=0x36, lpOverlapped=0x0) returned 1 [0223.338] CloseHandle (hObject=0x2cc) returned 1 [0223.340] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0223.340] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\OgZRcboo9\\fabE6LAM6xEtP\\KrCIJZxudvtCeY.doc" (normalized: "c:\\users\\oqxzraykm\\documents\\ogzrcboo9\\fabe6lam6xetp\\krcijzxudvtcey.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.340] GetFileType (hFile=0x2cc) returned 0x1 [0223.340] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0223.340] GetFileType (hFile=0x2cc) returned 0x1 [0223.341] ReadFile (in: hFile=0x2cc, lpBuffer=0x22a0888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0223.341] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0223.341] WriteFile (in: hFile=0x2cc, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0223.341] CloseHandle (hObject=0x2cc) returned 1 [0223.342] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0223.342] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\OgZRcboo9\\fabE6LAM6xEtP\\KrCIJZxudvtCeY.doc" (normalized: "c:\\users\\oqxzraykm\\documents\\ogzrcboo9\\fabe6lam6xetp\\krcijzxudvtcey.doc"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd78d380, ftCreationTime.dwHighDateTime=0x1d9ac73, ftLastAccessTime.dwLowDateTime=0x198065de, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x198065de, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x143d0)) returned 1 [0223.342] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0223.342] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\OgZRcboo9\\fabE6LAM6xEtP\\KrCIJZxudvtCeY.doc" (normalized: "c:\\users\\oqxzraykm\\documents\\ogzrcboo9\\fabe6lam6xetp\\krcijzxudvtcey.doc"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\OgZRcboo9\\fabE6LAM6xEtP\\KrCIJZxudvtCeY.doc.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\ogzrcboo9\\fabe6lam6xetp\\krcijzxudvtcey.doc.rtcrypted")) returned 1 [0223.344] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0223.344] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.344] GetFileType (hFile=0x2cc) returned 0x1 [0223.344] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0223.344] GetFileType (hFile=0x2cc) returned 0x1 [0223.345] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x4a63 [0223.568] WriteFile (in: hFile=0x2cc, lpBuffer=0x22a4200*, nNumberOfBytesToWrite=0x48, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22a4200*, lpNumberOfBytesWritten=0x15ecc8*=0x48, lpOverlapped=0x0) returned 1 [0223.568] CloseHandle (hObject=0x2cc) returned 1 [0223.570] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0223.571] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\vPtkmO\\-TpGaKVbHa97zgS.ppt" (normalized: "c:\\users\\oqxzraykm\\documents\\vptkmo\\-tpgakvbha97zgs.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.571] GetFileType (hFile=0x2cc) returned 0x1 [0223.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0223.571] GetFileType (hFile=0x2cc) returned 0x1 [0223.571] ReadFile (in: hFile=0x2cc, lpBuffer=0x22a5770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22a5770*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0223.572] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0223.572] WriteFile (in: hFile=0x2cc, lpBuffer=0x22a5770*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22a5770*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0223.572] CloseHandle (hObject=0x2cc) returned 1 [0223.573] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0223.573] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\vPtkmO\\-TpGaKVbHa97zgS.ppt" (normalized: "c:\\users\\oqxzraykm\\documents\\vptkmo\\-tpgakvbha97zgs.ppt"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1173cb40, ftCreationTime.dwHighDateTime=0x1d9aaee, ftLastAccessTime.dwLowDateTime=0x19a4274f, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x19a4274f, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0xb198)) returned 1 [0223.573] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0223.573] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\vPtkmO\\-TpGaKVbHa97zgS.ppt" (normalized: "c:\\users\\oqxzraykm\\documents\\vptkmo\\-tpgakvbha97zgs.ppt"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\vPtkmO\\-TpGaKVbHa97zgS.ppt.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\vptkmo\\-tpgakvbha97zgs.ppt.rtcrypted")) returned 1 [0223.575] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0223.575] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.576] GetFileType (hFile=0x2cc) returned 0x1 [0223.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0223.576] GetFileType (hFile=0x2cc) returned 0x1 [0223.576] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x4aab [0223.577] WriteFile (in: hFile=0x2cc, lpBuffer=0x22a8050*, nNumberOfBytesToWrite=0x38, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22a8050*, lpNumberOfBytesWritten=0x15ecc8*=0x38, lpOverlapped=0x0) returned 1 [0223.577] CloseHandle (hObject=0x2cc) returned 1 [0223.579] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0223.580] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\jZACGvj_jUniQbGydKt.xlsx" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\jzacgvj_juniqbgydkt.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.580] GetFileType (hFile=0x2cc) returned 0x1 [0223.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0223.581] GetFileType (hFile=0x2cc) returned 0x1 [0223.581] ReadFile (in: hFile=0x2cc, lpBuffer=0x22a95f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22a95f8*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0223.581] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0223.581] WriteFile (in: hFile=0x2cc, lpBuffer=0x22a95f8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22a95f8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0223.582] CloseHandle (hObject=0x2cc) returned 1 [0223.583] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0223.583] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\jZACGvj_jUniQbGydKt.xlsx" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\jzacgvj_juniqbgydkt.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b30f290, ftCreationTime.dwHighDateTime=0x1d9aed4, ftLastAccessTime.dwLowDateTime=0x19a68912, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x19a68912, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x7fb1)) returned 1 [0223.583] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0223.583] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\jZACGvj_jUniQbGydKt.xlsx" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\jzacgvj_juniqbgydkt.xlsx"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\jZACGvj_jUniQbGydKt.xlsx.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\jzacgvj_juniqbgydkt.xlsx.rtcrypted")) returned 1 [0223.585] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0223.585] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.585] GetFileType (hFile=0x2cc) returned 0x1 [0223.585] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0223.586] GetFileType (hFile=0x2cc) returned 0x1 [0223.586] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x4ae3 [0223.587] WriteFile (in: hFile=0x2cc, lpBuffer=0x22abf60*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22abf60*, lpNumberOfBytesWritten=0x15ecc8*=0x49, lpOverlapped=0x0) returned 1 [0223.587] CloseHandle (hObject=0x2cc) returned 1 [0223.588] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0223.588] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\UHkhqoDlS1ZMy4YF1xN.xls" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\uhkhqodls1zmy4yf1xn.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.589] GetFileType (hFile=0x2cc) returned 0x1 [0223.589] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0223.589] GetFileType (hFile=0x2cc) returned 0x1 [0223.589] ReadFile (in: hFile=0x2cc, lpBuffer=0x22ad4f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22ad4f8*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0223.589] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0223.589] WriteFile (in: hFile=0x2cc, lpBuffer=0x22ad4f8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22ad4f8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0223.590] CloseHandle (hObject=0x2cc) returned 1 [0223.590] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0223.590] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\UHkhqoDlS1ZMy4YF1xN.xls" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\uhkhqodls1zmy4yf1xn.xls"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd7552a0, ftCreationTime.dwHighDateTime=0x1d9a536, ftLastAccessTime.dwLowDateTime=0x19a68912, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x19a68912, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0xbe81)) returned 1 [0223.590] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0223.591] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\UHkhqoDlS1ZMy4YF1xN.xls" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\uhkhqodls1zmy4yf1xn.xls"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\UHkhqoDlS1ZMy4YF1xN.xls.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\uhkhqodls1zmy4yf1xn.xls.rtcrypted")) returned 1 [0223.592] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0223.592] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.593] GetFileType (hFile=0x2cc) returned 0x1 [0223.593] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0223.593] GetFileType (hFile=0x2cc) returned 0x1 [0223.593] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x4b2c [0223.594] WriteFile (in: hFile=0x2cc, lpBuffer=0x22afe58*, nNumberOfBytesToWrite=0x48, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22afe58*, lpNumberOfBytesWritten=0x15ecc8*=0x48, lpOverlapped=0x0) returned 1 [0223.594] CloseHandle (hObject=0x2cc) returned 1 [0223.597] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0223.598] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48\\EVZV9g78HF1 1b20ex.odt", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48\\EVZV9g78HF1 1b20ex.odt", lpFilePart=0x0) returned 0x4d [0223.598] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0223.598] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48\\EVZV9g78HF1 1b20ex.odt" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\8gtj48\\evzv9g78hf1 1b20ex.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.599] GetFileType (hFile=0x2cc) returned 0x1 [0223.599] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0223.599] GetFileType (hFile=0x2cc) returned 0x1 [0223.599] ReadFile (in: hFile=0x2cc, lpBuffer=0x22b1400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22b1400*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0223.599] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0223.600] WriteFile (in: hFile=0x2cc, lpBuffer=0x22b1400*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22b1400*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0223.600] CloseHandle (hObject=0x2cc) returned 1 [0223.601] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48\\EVZV9g78HF1 1b20ex.odt", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48\\EVZV9g78HF1 1b20ex.odt", lpFilePart=0x0) returned 0x4d [0223.601] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48\\EVZV9g78HF1 1b20ex.odt.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48\\EVZV9g78HF1 1b20ex.odt.rtcrypted", lpFilePart=0x0) returned 0x57 [0223.601] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0223.601] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48\\EVZV9g78HF1 1b20ex.odt" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\8gtj48\\evzv9g78hf1 1b20ex.odt"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x695ca760, ftCreationTime.dwHighDateTime=0x1d9a9a8, ftLastAccessTime.dwLowDateTime=0x19a8f5bc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x19a8f5bc, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x18991)) returned 1 [0223.601] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0223.601] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48\\EVZV9g78HF1 1b20ex.odt" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\8gtj48\\evzv9g78hf1 1b20ex.odt"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48\\EVZV9g78HF1 1b20ex.odt.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\8gtj48\\evzv9g78hf1 1b20ex.odt.rtcrypted")) returned 1 [0223.603] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0223.603] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0223.603] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.604] GetFileType (hFile=0x2cc) returned 0x1 [0223.604] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0223.604] GetFileType (hFile=0x2cc) returned 0x1 [0223.604] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x4b74 [0223.605] WriteFile (in: hFile=0x2cc, lpBuffer=0x22b3d88*, nNumberOfBytesToWrite=0x4e, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22b3d88*, lpNumberOfBytesWritten=0x15ecc8*=0x4e, lpOverlapped=0x0) returned 1 [0223.606] CloseHandle (hObject=0x2cc) returned 1 [0223.607] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0223.607] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48\\gDn4S0f.ppt", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48\\gDn4S0f.ppt", lpFilePart=0x0) returned 0x42 [0223.607] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0223.608] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48\\gDn4S0f.ppt" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\8gtj48\\gdn4s0f.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.608] GetFileType (hFile=0x2cc) returned 0x1 [0223.608] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0223.608] GetFileType (hFile=0x2cc) returned 0x1 [0223.608] ReadFile (in: hFile=0x2cc, lpBuffer=0x22b5300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22b5300*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0223.608] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0223.609] WriteFile (in: hFile=0x2cc, lpBuffer=0x22b5300*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22b5300*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0223.609] CloseHandle (hObject=0x2cc) returned 1 [0223.609] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48\\gDn4S0f.ppt", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48\\gDn4S0f.ppt", lpFilePart=0x0) returned 0x42 [0223.609] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48\\gDn4S0f.ppt.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48\\gDn4S0f.ppt.rtcrypted", lpFilePart=0x0) returned 0x4c [0223.609] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0223.610] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48\\gDn4S0f.ppt" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\8gtj48\\gdn4s0f.ppt"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a9cbf10, ftCreationTime.dwHighDateTime=0x1d9a9c2, ftLastAccessTime.dwLowDateTime=0x19a8f5bc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x19a8f5bc, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0xe38a)) returned 1 [0223.610] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0223.610] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48\\gDn4S0f.ppt" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\8gtj48\\gdn4s0f.ppt"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48\\gDn4S0f.ppt.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\8gtj48\\gdn4s0f.ppt.rtcrypted")) returned 1 [0223.708] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0223.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0223.709] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.710] GetFileType (hFile=0x2cc) returned 0x1 [0223.710] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0223.710] GetFileType (hFile=0x2cc) returned 0x1 [0223.710] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x4bc2 [0223.711] WriteFile (in: hFile=0x2cc, lpBuffer=0x22f0ed8*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22f0ed8*, lpNumberOfBytesWritten=0x15ecc8*=0x43, lpOverlapped=0x0) returned 1 [0223.711] CloseHandle (hObject=0x2cc) returned 1 [0223.712] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0223.713] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\oByX88izFWIaL4\\3p6 ohHYs9-.csv", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\oByX88izFWIaL4\\3p6 ohHYs9-.csv", lpFilePart=0x0) returned 0x4e [0223.713] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0223.714] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\oByX88izFWIaL4\\3p6 ohHYs9-.csv" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\obyx88izfwial4\\3p6 ohhys9-.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.715] GetFileType (hFile=0x2cc) returned 0x1 [0223.715] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0223.715] GetFileType (hFile=0x2cc) returned 0x1 [0223.716] ReadFile (in: hFile=0x2cc, lpBuffer=0x22f2488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22f2488*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0223.716] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0223.717] WriteFile (in: hFile=0x2cc, lpBuffer=0x22f2488*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22f2488*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0223.717] CloseHandle (hObject=0x2cc) returned 1 [0223.718] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\oByX88izFWIaL4\\3p6 ohHYs9-.csv", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\oByX88izFWIaL4\\3p6 ohHYs9-.csv", lpFilePart=0x0) returned 0x4e [0223.718] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\oByX88izFWIaL4\\3p6 ohHYs9-.csv.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\oByX88izFWIaL4\\3p6 ohHYs9-.csv.rtcrypted", lpFilePart=0x0) returned 0x58 [0223.718] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0223.718] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\oByX88izFWIaL4\\3p6 ohHYs9-.csv" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\obyx88izfwial4\\3p6 ohhys9-.csv"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa7fa840, ftCreationTime.dwHighDateTime=0x1d9a9c2, ftLastAccessTime.dwLowDateTime=0x19b99f67, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x19b99f67, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x5f06)) returned 1 [0223.718] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0223.718] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\oByX88izFWIaL4\\3p6 ohHYs9-.csv" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\obyx88izfwial4\\3p6 ohhys9-.csv"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\oByX88izFWIaL4\\3p6 ohHYs9-.csv.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\obyx88izfwial4\\3p6 ohhys9-.csv.rtcrypted")) returned 1 [0223.771] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0223.772] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0223.772] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.772] GetFileType (hFile=0x2cc) returned 0x1 [0223.773] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0223.773] GetFileType (hFile=0x2cc) returned 0x1 [0223.773] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x4c05 [0223.773] WriteFile (in: hFile=0x2cc, lpBuffer=0x22f4e08*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22f4e08*, lpNumberOfBytesWritten=0x15ecc8*=0x4f, lpOverlapped=0x0) returned 1 [0223.774] CloseHandle (hObject=0x2cc) returned 1 [0223.775] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0223.776] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\oByX88izFWIaL4\\aucpxM.odt", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\oByX88izFWIaL4\\aucpxM.odt", lpFilePart=0x0) returned 0x49 [0223.776] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0223.776] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\oByX88izFWIaL4\\aucpxM.odt" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\obyx88izfwial4\\aucpxm.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.777] GetFileType (hFile=0x2cc) returned 0x1 [0223.777] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0223.777] GetFileType (hFile=0x2cc) returned 0x1 [0223.778] ReadFile (in: hFile=0x2cc, lpBuffer=0x22f63a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22f63a8*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0223.778] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0223.778] WriteFile (in: hFile=0x2cc, lpBuffer=0x22f63a8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22f63a8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0223.779] CloseHandle (hObject=0x2cc) returned 1 [0223.779] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\oByX88izFWIaL4\\aucpxM.odt", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\oByX88izFWIaL4\\aucpxM.odt", lpFilePart=0x0) returned 0x49 [0223.779] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\oByX88izFWIaL4\\aucpxM.odt.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\oByX88izFWIaL4\\aucpxM.odt.rtcrypted", lpFilePart=0x0) returned 0x53 [0223.779] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0223.779] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\oByX88izFWIaL4\\aucpxM.odt" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\obyx88izfwial4\\aucpxm.odt"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9020c5e0, ftCreationTime.dwHighDateTime=0x1d9ad0c, ftLastAccessTime.dwLowDateTime=0x19c3281b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x19c3281b, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0xb322)) returned 1 [0223.780] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0223.780] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\oByX88izFWIaL4\\aucpxM.odt" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\obyx88izfwial4\\aucpxm.odt"), lpNewFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\oByX88izFWIaL4\\aucpxM.odt.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\obyx88izfwial4\\aucpxm.odt.rtcrypted")) returned 1 [0223.781] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0223.782] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0223.782] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.783] GetFileType (hFile=0x2cc) returned 0x1 [0223.784] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0223.784] GetFileType (hFile=0x2cc) returned 0x1 [0223.784] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x4c54 [0223.785] WriteFile (in: hFile=0x2cc, lpBuffer=0x22f8cf8*, nNumberOfBytesToWrite=0x4a, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22f8cf8*, lpNumberOfBytesWritten=0x15ecc8*=0x4a, lpOverlapped=0x0) returned 1 [0223.785] CloseHandle (hObject=0x2cc) returned 1 [0223.786] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0223.787] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Links\\Desktop.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Links\\Desktop.lnk", lpFilePart=0x0) returned 0x24 [0223.787] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0223.787] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Links\\Desktop.lnk" (normalized: "c:\\users\\oqxzraykm\\links\\desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.788] GetFileType (hFile=0x2cc) returned 0x1 [0223.788] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0223.788] GetFileType (hFile=0x2cc) returned 0x1 [0223.789] ReadFile (in: hFile=0x2cc, lpBuffer=0x22fa250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22fa250*, lpNumberOfBytesRead=0x15edd8*=0x200, lpOverlapped=0x0) returned 1 [0223.877] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0223.878] WriteFile (in: hFile=0x2cc, lpBuffer=0x22fa250*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22fa250*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0223.878] CloseHandle (hObject=0x2cc) returned 1 [0223.879] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Links\\Desktop.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Links\\Desktop.lnk", lpFilePart=0x0) returned 0x24 [0223.879] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Links\\Desktop.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Links\\Desktop.lnk.rtcrypted", lpFilePart=0x0) returned 0x2e [0223.879] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0223.879] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Links\\Desktop.lnk" (normalized: "c:\\users\\oqxzraykm\\links\\desktop.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52351544, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x19d3d850, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x19d3d850, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x200)) returned 1 [0223.879] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0223.879] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Links\\Desktop.lnk" (normalized: "c:\\users\\oqxzraykm\\links\\desktop.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\Links\\Desktop.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\links\\desktop.lnk.rtcrypted")) returned 1 [0223.881] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0223.881] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0223.882] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.882] GetFileType (hFile=0x2cc) returned 0x1 [0223.882] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0223.882] GetFileType (hFile=0x2cc) returned 0x1 [0223.882] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x4c9e [0223.883] WriteFile (in: hFile=0x2cc, lpBuffer=0x2302d38*, nNumberOfBytesToWrite=0x25, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2302d38*, lpNumberOfBytesWritten=0x15ecc8*=0x25, lpOverlapped=0x0) returned 1 [0223.883] CloseHandle (hObject=0x2cc) returned 1 [0223.884] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0223.885] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Links\\Downloads.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Links\\Downloads.lnk", lpFilePart=0x0) returned 0x26 [0223.885] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0223.885] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Links\\Downloads.lnk" (normalized: "c:\\users\\oqxzraykm\\links\\downloads.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.886] GetFileType (hFile=0x2cc) returned 0x1 [0223.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0223.886] GetFileType (hFile=0x2cc) returned 0x1 [0223.886] ReadFile (in: hFile=0x2cc, lpBuffer=0x2304298, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2304298*, lpNumberOfBytesRead=0x15edd8*=0x3c1, lpOverlapped=0x0) returned 1 [0223.891] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0223.891] WriteFile (in: hFile=0x2cc, lpBuffer=0x2304298*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2304298*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0223.891] CloseHandle (hObject=0x2cc) returned 1 [0223.893] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Links\\Downloads.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Links\\Downloads.lnk", lpFilePart=0x0) returned 0x26 [0223.893] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Links\\Downloads.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Links\\Downloads.lnk.rtcrypted", lpFilePart=0x0) returned 0x30 [0223.893] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0223.893] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Links\\Downloads.lnk" (normalized: "c:\\users\\oqxzraykm\\links\\downloads.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x523c3a91, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x19d3d850, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x19d3d850, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3c1)) returned 1 [0223.893] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0223.893] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Links\\Downloads.lnk" (normalized: "c:\\users\\oqxzraykm\\links\\downloads.lnk"), lpNewFileName="C:\\Users\\OqXZRaykm\\Links\\Downloads.lnk.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\links\\downloads.lnk.rtcrypted")) returned 1 [0223.895] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0223.895] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0223.895] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.895] GetFileType (hFile=0x2cc) returned 0x1 [0223.896] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0223.896] GetFileType (hFile=0x2cc) returned 0x1 [0223.896] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x4cc3 [0223.896] WriteFile (in: hFile=0x2cc, lpBuffer=0x2306ad8*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2306ad8*, lpNumberOfBytesWritten=0x15ecc8*=0x27, lpOverlapped=0x0) returned 1 [0223.897] CloseHandle (hObject=0x2cc) returned 1 [0223.898] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0223.898] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\m3usBO7dK87a.mp3", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\m3usBO7dK87a.mp3", lpFilePart=0x0) returned 0x43 [0223.898] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0223.899] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\m3usBO7dK87a.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\m3usbo7dk87a.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.899] GetFileType (hFile=0x2cc) returned 0x1 [0223.899] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0223.899] GetFileType (hFile=0x2cc) returned 0x1 [0223.900] ReadFile (in: hFile=0x2cc, lpBuffer=0x2308078, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2308078*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0223.902] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0223.902] WriteFile (in: hFile=0x2cc, lpBuffer=0x2308078*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2308078*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0223.902] CloseHandle (hObject=0x2cc) returned 1 [0223.902] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\m3usBO7dK87a.mp3", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\m3usBO7dK87a.mp3", lpFilePart=0x0) returned 0x43 [0223.902] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\m3usBO7dK87a.mp3.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\m3usBO7dK87a.mp3.rtcrypted", lpFilePart=0x0) returned 0x4d [0223.903] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0223.903] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\m3usBO7dK87a.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\m3usbo7dk87a.mp3"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54695390, ftCreationTime.dwHighDateTime=0x1d9a4f2, ftLastAccessTime.dwLowDateTime=0x19d6395f, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x19d6395f, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x7916)) returned 1 [0223.903] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0223.903] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\m3usBO7dK87a.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\m3usbo7dk87a.mp3"), lpNewFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\m3usBO7dK87a.mp3.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\m3usbo7dk87a.mp3.rtcrypted")) returned 1 [0223.905] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0223.905] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0223.906] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.906] GetFileType (hFile=0x2cc) returned 0x1 [0223.906] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0223.909] GetFileType (hFile=0x2cc) returned 0x1 [0223.909] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x4cea [0223.910] WriteFile (in: hFile=0x2cc, lpBuffer=0x230a9a0*, nNumberOfBytesToWrite=0x44, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x230a9a0*, lpNumberOfBytesWritten=0x15ecc8*=0x44, lpOverlapped=0x0) returned 1 [0223.911] CloseHandle (hObject=0x2cc) returned 1 [0223.912] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0223.912] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\ZHeoLPlr6M.mp3", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\ZHeoLPlr6M.mp3", lpFilePart=0x0) returned 0x41 [0223.912] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0223.913] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\ZHeoLPlr6M.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\zheolplr6m.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.913] GetFileType (hFile=0x2cc) returned 0x1 [0223.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0223.913] GetFileType (hFile=0x2cc) returned 0x1 [0223.914] ReadFile (in: hFile=0x2cc, lpBuffer=0x230bf38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x230bf38*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0223.917] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0223.917] WriteFile (in: hFile=0x2cc, lpBuffer=0x230bf38*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x230bf38*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0223.918] CloseHandle (hObject=0x2cc) returned 1 [0223.918] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\ZHeoLPlr6M.mp3", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\ZHeoLPlr6M.mp3", lpFilePart=0x0) returned 0x41 [0223.918] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\ZHeoLPlr6M.mp3.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\ZHeoLPlr6M.mp3.rtcrypted", lpFilePart=0x0) returned 0x4b [0223.918] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0223.918] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\ZHeoLPlr6M.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\zheolplr6m.mp3"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x461f1f0, ftCreationTime.dwHighDateTime=0x1d9b153, ftLastAccessTime.dwLowDateTime=0x19d89c4e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x19d89c4e, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x17ebd)) returned 1 [0223.919] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0223.919] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\ZHeoLPlr6M.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\zheolplr6m.mp3"), lpNewFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\ZHeoLPlr6M.mp3.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\zheolplr6m.mp3.rtcrypted")) returned 1 [0223.921] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0223.921] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0223.921] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.922] GetFileType (hFile=0x2cc) returned 0x1 [0223.922] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0223.922] GetFileType (hFile=0x2cc) returned 0x1 [0223.922] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x4d2e [0223.923] WriteFile (in: hFile=0x2cc, lpBuffer=0x230e848*, nNumberOfBytesToWrite=0x42, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x230e848*, lpNumberOfBytesWritten=0x15ecc8*=0x42, lpOverlapped=0x0) returned 1 [0223.923] CloseHandle (hObject=0x2cc) returned 1 [0223.990] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0223.991] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\2sJQfwB3SA1-aIl-\\6Yf_v.mp3", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\2sJQfwB3SA1-aIl-\\6Yf_v.mp3", lpFilePart=0x0) returned 0x4d [0223.991] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0223.991] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\2sJQfwB3SA1-aIl-\\6Yf_v.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\2sjqfwb3sa1-ail-\\6yf_v.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0223.992] GetFileType (hFile=0x2cc) returned 0x1 [0223.992] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0223.992] GetFileType (hFile=0x2cc) returned 0x1 [0223.993] ReadFile (in: hFile=0x2cc, lpBuffer=0x2310c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2310c10*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0223.995] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0223.995] WriteFile (in: hFile=0x2cc, lpBuffer=0x2310c10*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2310c10*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0223.995] CloseHandle (hObject=0x2cc) returned 1 [0223.996] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\2sJQfwB3SA1-aIl-\\6Yf_v.mp3", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\2sJQfwB3SA1-aIl-\\6Yf_v.mp3", lpFilePart=0x0) returned 0x4d [0223.996] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\2sJQfwB3SA1-aIl-\\6Yf_v.mp3.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\2sJQfwB3SA1-aIl-\\6Yf_v.mp3.rtcrypted", lpFilePart=0x0) returned 0x57 [0223.996] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0223.996] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\2sJQfwB3SA1-aIl-\\6Yf_v.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\2sjqfwb3sa1-ail-\\6yf_v.mp3"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49037f20, ftCreationTime.dwHighDateTime=0x1d9abb0, ftLastAccessTime.dwLowDateTime=0x19e48842, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x19e48842, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x11bff)) returned 1 [0223.996] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0223.996] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\2sJQfwB3SA1-aIl-\\6Yf_v.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\2sjqfwb3sa1-ail-\\6yf_v.mp3"), lpNewFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\2sJQfwB3SA1-aIl-\\6Yf_v.mp3.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\2sjqfwb3sa1-ail-\\6yf_v.mp3.rtcrypted")) returned 1 [0223.998] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0223.998] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0223.999] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0223.999] GetFileType (hFile=0x2cc) returned 0x1 [0223.999] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0223.999] GetFileType (hFile=0x2cc) returned 0x1 [0223.999] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x4d70 [0224.000] WriteFile (in: hFile=0x2cc, lpBuffer=0x2313580*, nNumberOfBytesToWrite=0x4e, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2313580*, lpNumberOfBytesWritten=0x15ecc8*=0x4e, lpOverlapped=0x0) returned 1 [0224.000] CloseHandle (hObject=0x2cc) returned 1 [0224.002] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.003] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\2sJQfwB3SA1-aIl-\\UJA.mp3", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\2sJQfwB3SA1-aIl-\\UJA.mp3", lpFilePart=0x0) returned 0x4b [0224.003] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.003] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\2sJQfwB3SA1-aIl-\\UJA.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\2sjqfwb3sa1-ail-\\uja.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.004] GetFileType (hFile=0x2cc) returned 0x1 [0224.004] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.004] GetFileType (hFile=0x2cc) returned 0x1 [0224.005] ReadFile (in: hFile=0x2cc, lpBuffer=0x2314b18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2314b18*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.007] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.007] WriteFile (in: hFile=0x2cc, lpBuffer=0x2314b18*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2314b18*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.007] CloseHandle (hObject=0x2cc) returned 1 [0224.008] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\2sJQfwB3SA1-aIl-\\UJA.mp3", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\2sJQfwB3SA1-aIl-\\UJA.mp3", lpFilePart=0x0) returned 0x4b [0224.008] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\2sJQfwB3SA1-aIl-\\UJA.mp3.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\2sJQfwB3SA1-aIl-\\UJA.mp3.rtcrypted", lpFilePart=0x0) returned 0x55 [0224.008] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.008] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\2sJQfwB3SA1-aIl-\\UJA.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\2sjqfwb3sa1-ail-\\uja.mp3"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe636210, ftCreationTime.dwHighDateTime=0x1d9ada7, ftLastAccessTime.dwLowDateTime=0x19e6ed2b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x19e6ed2b, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x10a19)) returned 1 [0224.008] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.008] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\2sJQfwB3SA1-aIl-\\UJA.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\2sjqfwb3sa1-ail-\\uja.mp3"), lpNewFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\2sJQfwB3SA1-aIl-\\UJA.mp3.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\2sjqfwb3sa1-ail-\\uja.mp3.rtcrypted")) returned 1 [0224.009] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.010] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.010] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.010] GetFileType (hFile=0x2cc) returned 0x1 [0224.010] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.010] GetFileType (hFile=0x2cc) returned 0x1 [0224.010] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x4dbe [0224.011] WriteFile (in: hFile=0x2cc, lpBuffer=0x2317480*, nNumberOfBytesToWrite=0x4c, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2317480*, lpNumberOfBytesWritten=0x15ecc8*=0x4c, lpOverlapped=0x0) returned 1 [0224.011] CloseHandle (hObject=0x2cc) returned 1 [0224.012] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.013] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\AHJ0i7W5XzWYH.mp3", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\AHJ0i7W5XzWYH.mp3", lpFilePart=0x0) returned 0x56 [0224.013] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.013] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\AHJ0i7W5XzWYH.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\3huk6he8sxy4s31rg\\ahj0i7w5xzwyh.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.014] GetFileType (hFile=0x2cc) returned 0x1 [0224.014] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.014] GetFileType (hFile=0x2cc) returned 0x1 [0224.015] ReadFile (in: hFile=0x2cc, lpBuffer=0x2318a48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2318a48*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.018] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.018] WriteFile (in: hFile=0x2cc, lpBuffer=0x2318a48*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2318a48*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.018] CloseHandle (hObject=0x2cc) returned 1 [0224.019] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\AHJ0i7W5XzWYH.mp3", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\AHJ0i7W5XzWYH.mp3", lpFilePart=0x0) returned 0x56 [0224.019] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\AHJ0i7W5XzWYH.mp3.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\AHJ0i7W5XzWYH.mp3.rtcrypted", lpFilePart=0x0) returned 0x60 [0224.019] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.019] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\AHJ0i7W5XzWYH.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\3huk6he8sxy4s31rg\\ahj0i7w5xzwyh.mp3"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x527107a0, ftCreationTime.dwHighDateTime=0x1d9ae56, ftLastAccessTime.dwLowDateTime=0x19e94f8e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x19e94f8e, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x1025d)) returned 1 [0224.019] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.019] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\AHJ0i7W5XzWYH.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\3huk6he8sxy4s31rg\\ahj0i7w5xzwyh.mp3"), lpNewFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\AHJ0i7W5XzWYH.mp3.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\3huk6he8sxy4s31rg\\ahj0i7w5xzwyh.mp3.rtcrypted")) returned 1 [0224.021] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.021] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.021] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.022] GetFileType (hFile=0x2cc) returned 0x1 [0224.022] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.022] GetFileType (hFile=0x2cc) returned 0x1 [0224.022] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x4e0a [0224.023] WriteFile (in: hFile=0x2cc, lpBuffer=0x231b408*, nNumberOfBytesToWrite=0x57, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x231b408*, lpNumberOfBytesWritten=0x15ecc8*=0x57, lpOverlapped=0x0) returned 1 [0224.023] CloseHandle (hObject=0x2cc) returned 1 [0224.024] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.024] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\GHyWMiA43K.mp3", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\GHyWMiA43K.mp3", lpFilePart=0x0) returned 0x53 [0224.024] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.025] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\GHyWMiA43K.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\3huk6he8sxy4s31rg\\ghywmia43k.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.025] GetFileType (hFile=0x2cc) returned 0x1 [0224.025] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.025] GetFileType (hFile=0x2cc) returned 0x1 [0224.026] ReadFile (in: hFile=0x2cc, lpBuffer=0x231c9c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x231c9c0*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.028] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.028] WriteFile (in: hFile=0x2cc, lpBuffer=0x231c9c0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x231c9c0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.029] CloseHandle (hObject=0x2cc) returned 1 [0224.029] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\GHyWMiA43K.mp3", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\GHyWMiA43K.mp3", lpFilePart=0x0) returned 0x53 [0224.029] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\GHyWMiA43K.mp3.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\GHyWMiA43K.mp3.rtcrypted", lpFilePart=0x0) returned 0x5d [0224.029] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.029] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\GHyWMiA43K.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\3huk6he8sxy4s31rg\\ghywmia43k.mp3"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26b5b070, ftCreationTime.dwHighDateTime=0x1d9ab13, ftLastAccessTime.dwLowDateTime=0x19e94f8e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x19e94f8e, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3539)) returned 1 [0224.029] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.029] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\GHyWMiA43K.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\3huk6he8sxy4s31rg\\ghywmia43k.mp3"), lpNewFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\GHyWMiA43K.mp3.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\3huk6he8sxy4s31rg\\ghywmia43k.mp3.rtcrypted")) returned 1 [0224.031] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.031] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.031] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.032] GetFileType (hFile=0x2cc) returned 0x1 [0224.032] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.032] GetFileType (hFile=0x2cc) returned 0x1 [0224.032] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x4e61 [0224.033] WriteFile (in: hFile=0x2cc, lpBuffer=0x231f368*, nNumberOfBytesToWrite=0x54, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x231f368*, lpNumberOfBytesWritten=0x15ecc8*=0x54, lpOverlapped=0x0) returned 1 [0224.033] CloseHandle (hObject=0x2cc) returned 1 [0224.085] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.094] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\kB1RpVPtcBx62ERzezhB.mp3", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\kB1RpVPtcBx62ERzezhB.mp3", lpFilePart=0x0) returned 0x5d [0224.094] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.098] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\kB1RpVPtcBx62ERzezhB.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\3huk6he8sxy4s31rg\\kb1rpvptcbx62erzezhb.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.099] GetFileType (hFile=0x2cc) returned 0x1 [0224.099] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.099] GetFileType (hFile=0x2cc) returned 0x1 [0224.100] ReadFile (in: hFile=0x2cc, lpBuffer=0x2320950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2320950*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.102] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.102] WriteFile (in: hFile=0x2cc, lpBuffer=0x2320950*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2320950*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.103] CloseHandle (hObject=0x2cc) returned 1 [0224.103] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\kB1RpVPtcBx62ERzezhB.mp3", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\kB1RpVPtcBx62ERzezhB.mp3", lpFilePart=0x0) returned 0x5d [0224.103] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\kB1RpVPtcBx62ERzezhB.mp3.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\kB1RpVPtcBx62ERzezhB.mp3.rtcrypted", lpFilePart=0x0) returned 0x67 [0224.103] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.104] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\kB1RpVPtcBx62ERzezhB.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\3huk6he8sxy4s31rg\\kb1rpvptcbx62erzezhb.mp3"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3eb4930, ftCreationTime.dwHighDateTime=0x1d9a7b9, ftLastAccessTime.dwLowDateTime=0x19f53f01, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x19f53f01, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x5b72)) returned 1 [0224.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.104] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\kB1RpVPtcBx62ERzezhB.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\3huk6he8sxy4s31rg\\kb1rpvptcbx62erzezhb.mp3"), lpNewFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\kB1RpVPtcBx62ERzezhB.mp3.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\3huk6he8sxy4s31rg\\kb1rpvptcbx62erzezhb.mp3.rtcrypted")) returned 1 [0224.106] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.106] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.106] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.116] GetFileType (hFile=0x2cc) returned 0x1 [0224.116] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.116] GetFileType (hFile=0x2cc) returned 0x1 [0224.116] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x4eb5 [0224.118] WriteFile (in: hFile=0x2cc, lpBuffer=0x2323358*, nNumberOfBytesToWrite=0x5e, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2323358*, lpNumberOfBytesWritten=0x15ecc8*=0x5e, lpOverlapped=0x0) returned 1 [0224.119] CloseHandle (hObject=0x2cc) returned 1 [0224.125] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.126] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\5JVUFsxkO\\aG-QuQ4httW1c-X.mp3", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\5JVUFsxkO\\aG-QuQ4httW1c-X.mp3", lpFilePart=0x0) returned 0x50 [0224.126] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.127] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\5JVUFsxkO\\aG-QuQ4httW1c-X.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\5jvufsxko\\ag-quq4httw1c-x.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.168] GetFileType (hFile=0x2cc) returned 0x1 [0224.168] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.168] GetFileType (hFile=0x2cc) returned 0x1 [0224.169] ReadFile (in: hFile=0x2cc, lpBuffer=0x2324900, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2324900*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.171] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.172] WriteFile (in: hFile=0x2cc, lpBuffer=0x2324900*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2324900*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.172] CloseHandle (hObject=0x2cc) returned 1 [0224.173] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\5JVUFsxkO\\aG-QuQ4httW1c-X.mp3", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\5JVUFsxkO\\aG-QuQ4httW1c-X.mp3", lpFilePart=0x0) returned 0x50 [0224.177] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\5JVUFsxkO\\aG-QuQ4httW1c-X.mp3.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\5JVUFsxkO\\aG-QuQ4httW1c-X.mp3.rtcrypted", lpFilePart=0x0) returned 0x5a [0224.177] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.177] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\5JVUFsxkO\\aG-QuQ4httW1c-X.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\5jvufsxko\\ag-quq4httw1c-x.mp3"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x20303e40, ftCreationTime.dwHighDateTime=0x1d9af74, ftLastAccessTime.dwLowDateTime=0x1a003408, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a003408, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x7dcc)) returned 1 [0224.177] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.177] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\5JVUFsxkO\\aG-QuQ4httW1c-X.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\5jvufsxko\\ag-quq4httw1c-x.mp3"), lpNewFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\5JVUFsxkO\\aG-QuQ4httW1c-X.mp3.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\5jvufsxko\\ag-quq4httw1c-x.mp3.rtcrypted")) returned 1 [0224.179] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.179] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.180] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.180] GetFileType (hFile=0x2cc) returned 0x1 [0224.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.180] GetFileType (hFile=0x2cc) returned 0x1 [0224.180] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x4f13 [0224.182] WriteFile (in: hFile=0x2cc, lpBuffer=0x23272a8*, nNumberOfBytesToWrite=0x51, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x23272a8*, lpNumberOfBytesWritten=0x15ecc8*=0x51, lpOverlapped=0x0) returned 1 [0224.182] CloseHandle (hObject=0x2cc) returned 1 [0224.184] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.184] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\lbLbIV\\jmTQM.mp3", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\lbLbIV\\jmTQM.mp3", lpFilePart=0x0) returned 0x43 [0224.184] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.185] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\lbLbIV\\jmTQM.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\lblbiv\\jmtqm.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.185] GetFileType (hFile=0x2cc) returned 0x1 [0224.185] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.185] GetFileType (hFile=0x2cc) returned 0x1 [0224.185] ReadFile (in: hFile=0x2cc, lpBuffer=0x2328820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2328820*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.188] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.188] WriteFile (in: hFile=0x2cc, lpBuffer=0x2328820*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2328820*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.188] CloseHandle (hObject=0x2cc) returned 1 [0224.189] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\lbLbIV\\jmTQM.mp3", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\lbLbIV\\jmTQM.mp3", lpFilePart=0x0) returned 0x43 [0224.190] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\lbLbIV\\jmTQM.mp3.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\lbLbIV\\jmTQM.mp3.rtcrypted", lpFilePart=0x0) returned 0x4d [0224.190] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.190] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\lbLbIV\\jmTQM.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\lblbiv\\jmtqm.mp3"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5aa5e700, ftCreationTime.dwHighDateTime=0x1d9a812, ftLastAccessTime.dwLowDateTime=0x1a0125cd, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a0125cd, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0xae14)) returned 1 [0224.190] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.190] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\lbLbIV\\jmTQM.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\lblbiv\\jmtqm.mp3"), lpNewFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\lbLbIV\\jmTQM.mp3.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\lblbiv\\jmtqm.mp3.rtcrypted")) returned 1 [0224.192] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.192] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.192] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.192] GetFileType (hFile=0x2cc) returned 0x1 [0224.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.192] GetFileType (hFile=0x2cc) returned 0x1 [0224.192] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x4f64 [0224.199] WriteFile (in: hFile=0x2cc, lpBuffer=0x2137988*, nNumberOfBytesToWrite=0x44, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2137988*, lpNumberOfBytesWritten=0x15ecc8*=0x44, lpOverlapped=0x0) returned 1 [0224.199] CloseHandle (hObject=0x2cc) returned 1 [0224.200] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.201] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\Jx2X9GUgVUSuTh6krwR.mp3", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\Jx2X9GUgVUSuTh6krwR.mp3", lpFilePart=0x0) returned 0x4e [0224.201] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.201] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\Jx2X9GUgVUSuTh6krwR.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\lunjpdpktsnqmwr3f6nd\\jx2x9gugvusuth6krwr.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.201] GetFileType (hFile=0x2cc) returned 0x1 [0224.202] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.202] GetFileType (hFile=0x2cc) returned 0x1 [0224.202] ReadFile (in: hFile=0x2cc, lpBuffer=0x2138f48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2138f48*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.204] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.204] WriteFile (in: hFile=0x2cc, lpBuffer=0x2138f48*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2138f48*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.253] CloseHandle (hObject=0x2cc) returned 1 [0224.254] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\Jx2X9GUgVUSuTh6krwR.mp3", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\Jx2X9GUgVUSuTh6krwR.mp3", lpFilePart=0x0) returned 0x4e [0224.254] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\Jx2X9GUgVUSuTh6krwR.mp3.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\Jx2X9GUgVUSuTh6krwR.mp3.rtcrypted", lpFilePart=0x0) returned 0x58 [0224.254] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.255] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\Jx2X9GUgVUSuTh6krwR.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\lunjpdpktsnqmwr3f6nd\\jx2x9gugvusuth6krwr.mp3"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x39567bb0, ftCreationTime.dwHighDateTime=0x1d9b38d, ftLastAccessTime.dwLowDateTime=0x1a0387c2, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a0387c2, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x932c)) returned 1 [0224.255] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.255] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\Jx2X9GUgVUSuTh6krwR.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\lunjpdpktsnqmwr3f6nd\\jx2x9gugvusuth6krwr.mp3"), lpNewFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\Jx2X9GUgVUSuTh6krwR.mp3.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\lunjpdpktsnqmwr3f6nd\\jx2x9gugvusuth6krwr.mp3.rtcrypted")) returned 1 [0224.266] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.266] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.267] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.268] GetFileType (hFile=0x2cc) returned 0x1 [0224.268] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.268] GetFileType (hFile=0x2cc) returned 0x1 [0224.268] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x4fa8 [0224.269] WriteFile (in: hFile=0x2cc, lpBuffer=0x213b8c8*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x213b8c8*, lpNumberOfBytesWritten=0x15ecc8*=0x4f, lpOverlapped=0x0) returned 1 [0224.269] CloseHandle (hObject=0x2cc) returned 1 [0224.270] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.271] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\RYZ5Kw2K S-JSPu.mp3", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\RYZ5Kw2K S-JSPu.mp3", lpFilePart=0x0) returned 0x4a [0224.271] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.271] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\RYZ5Kw2K S-JSPu.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\lunjpdpktsnqmwr3f6nd\\ryz5kw2k s-jspu.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.271] GetFileType (hFile=0x2cc) returned 0x1 [0224.272] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.272] GetFileType (hFile=0x2cc) returned 0x1 [0224.272] ReadFile (in: hFile=0x2cc, lpBuffer=0x213ce78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x213ce78*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.274] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.274] WriteFile (in: hFile=0x2cc, lpBuffer=0x213ce78*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x213ce78*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.274] CloseHandle (hObject=0x2cc) returned 1 [0224.275] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\RYZ5Kw2K S-JSPu.mp3", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\RYZ5Kw2K S-JSPu.mp3", lpFilePart=0x0) returned 0x4a [0224.275] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\RYZ5Kw2K S-JSPu.mp3.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\RYZ5Kw2K S-JSPu.mp3.rtcrypted", lpFilePart=0x0) returned 0x54 [0224.275] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.275] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\RYZ5Kw2K S-JSPu.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\lunjpdpktsnqmwr3f6nd\\ryz5kw2k s-jspu.mp3"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f5d7e0, ftCreationTime.dwHighDateTime=0x1d9a7be, ftLastAccessTime.dwLowDateTime=0x1a0f6f45, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a0f6f45, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x93f4)) returned 1 [0224.275] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.275] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\RYZ5Kw2K S-JSPu.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\lunjpdpktsnqmwr3f6nd\\ryz5kw2k s-jspu.mp3"), lpNewFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\RYZ5Kw2K S-JSPu.mp3.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\lunjpdpktsnqmwr3f6nd\\ryz5kw2k s-jspu.mp3.rtcrypted")) returned 1 [0224.277] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.277] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.277] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.278] GetFileType (hFile=0x2cc) returned 0x1 [0224.278] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.278] GetFileType (hFile=0x2cc) returned 0x1 [0224.278] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x4ff7 [0224.279] WriteFile (in: hFile=0x2cc, lpBuffer=0x213f7d8*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x213f7d8*, lpNumberOfBytesWritten=0x15ecc8*=0x4b, lpOverlapped=0x0) returned 1 [0224.279] CloseHandle (hObject=0x2cc) returned 1 [0224.280] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.281] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\yfTzi8OZD.mp3", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\yfTzi8OZD.mp3", lpFilePart=0x0) returned 0x44 [0224.281] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.281] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\yfTzi8OZD.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\lunjpdpktsnqmwr3f6nd\\yftzi8ozd.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.282] GetFileType (hFile=0x2cc) returned 0x1 [0224.282] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.282] GetFileType (hFile=0x2cc) returned 0x1 [0224.283] ReadFile (in: hFile=0x2cc, lpBuffer=0x2140d78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2140d78*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.285] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.285] WriteFile (in: hFile=0x2cc, lpBuffer=0x2140d78*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2140d78*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.285] CloseHandle (hObject=0x2cc) returned 1 [0224.286] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\yfTzi8OZD.mp3", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\yfTzi8OZD.mp3", lpFilePart=0x0) returned 0x44 [0224.286] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\yfTzi8OZD.mp3.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\yfTzi8OZD.mp3.rtcrypted", lpFilePart=0x0) returned 0x4e [0224.286] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.286] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\yfTzi8OZD.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\lunjpdpktsnqmwr3f6nd\\yftzi8ozd.mp3"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc58d75b0, ftCreationTime.dwHighDateTime=0x1d9ab3c, ftLastAccessTime.dwLowDateTime=0x1a11d414, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a11d414, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x1583d)) returned 1 [0224.286] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.286] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\yfTzi8OZD.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\lunjpdpktsnqmwr3f6nd\\yftzi8ozd.mp3"), lpNewFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\yfTzi8OZD.mp3.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\lunjpdpktsnqmwr3f6nd\\yftzi8ozd.mp3.rtcrypted")) returned 1 [0224.288] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.288] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.288] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.289] GetFileType (hFile=0x2cc) returned 0x1 [0224.289] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.289] GetFileType (hFile=0x2cc) returned 0x1 [0224.289] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x5042 [0224.290] WriteFile (in: hFile=0x2cc, lpBuffer=0x21436a8*, nNumberOfBytesToWrite=0x45, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21436a8*, lpNumberOfBytesWritten=0x15ecc8*=0x45, lpOverlapped=0x0) returned 1 [0224.290] CloseHandle (hObject=0x2cc) returned 1 [0224.291] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.292] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\dvC8ktwxOFj7\\m1FI2FSO6c8hj.mp3", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\dvC8ktwxOFj7\\m1FI2FSO6c8hj.mp3", lpFilePart=0x0) returned 0x55 [0224.292] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.292] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\dvC8ktwxOFj7\\m1FI2FSO6c8hj.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\lunjpdpktsnqmwr3f6nd\\dvc8ktwxofj7\\m1fi2fso6c8hj.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.292] GetFileType (hFile=0x2cc) returned 0x1 [0224.293] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.293] GetFileType (hFile=0x2cc) returned 0x1 [0224.293] ReadFile (in: hFile=0x2cc, lpBuffer=0x2144c70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2144c70*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.294] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.295] WriteFile (in: hFile=0x2cc, lpBuffer=0x2144c70*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2144c70*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.295] CloseHandle (hObject=0x2cc) returned 1 [0224.296] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\dvC8ktwxOFj7\\m1FI2FSO6c8hj.mp3", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\dvC8ktwxOFj7\\m1FI2FSO6c8hj.mp3", lpFilePart=0x0) returned 0x55 [0224.296] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\dvC8ktwxOFj7\\m1FI2FSO6c8hj.mp3.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\dvC8ktwxOFj7\\m1FI2FSO6c8hj.mp3.rtcrypted", lpFilePart=0x0) returned 0x5f [0224.296] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.296] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\dvC8ktwxOFj7\\m1FI2FSO6c8hj.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\lunjpdpktsnqmwr3f6nd\\dvc8ktwxofj7\\m1fi2fso6c8hj.mp3"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a238120, ftCreationTime.dwHighDateTime=0x1d9a9cd, ftLastAccessTime.dwLowDateTime=0x1a11d414, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a11d414, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x1591)) returned 1 [0224.297] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.297] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\dvC8ktwxOFj7\\m1FI2FSO6c8hj.mp3" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\lunjpdpktsnqmwr3f6nd\\dvc8ktwxofj7\\m1fi2fso6c8hj.mp3"), lpNewFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\dvC8ktwxOFj7\\m1FI2FSO6c8hj.mp3.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\lunjpdpktsnqmwr3f6nd\\dvc8ktwxofj7\\m1fi2fso6c8hj.mp3.rtcrypted")) returned 1 [0224.347] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.347] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.347] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.348] GetFileType (hFile=0x2cc) returned 0x1 [0224.348] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.348] GetFileType (hFile=0x2cc) returned 0x1 [0224.348] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x5087 [0224.349] WriteFile (in: hFile=0x2cc, lpBuffer=0x2147620*, nNumberOfBytesToWrite=0x56, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2147620*, lpNumberOfBytesWritten=0x15ecc8*=0x56, lpOverlapped=0x0) returned 1 [0224.349] CloseHandle (hObject=0x2cc) returned 1 [0224.350] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.351] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\9bAP9Uzx.jpg", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\9bAP9Uzx.jpg", lpFilePart=0x0) returned 0x28 [0224.352] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.352] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\9bAP9Uzx.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\9bap9uzx.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.352] GetFileType (hFile=0x2cc) returned 0x1 [0224.353] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.353] GetFileType (hFile=0x2cc) returned 0x1 [0224.353] ReadFile (in: hFile=0x2cc, lpBuffer=0x2148b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2148b88*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.354] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.354] WriteFile (in: hFile=0x2cc, lpBuffer=0x2148b88*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2148b88*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.354] CloseHandle (hObject=0x2cc) returned 1 [0224.355] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\9bAP9Uzx.jpg", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\9bAP9Uzx.jpg", lpFilePart=0x0) returned 0x28 [0224.355] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\9bAP9Uzx.jpg.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\9bAP9Uzx.jpg.rtcrypted", lpFilePart=0x0) returned 0x32 [0224.355] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.355] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\9bAP9Uzx.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\9bap9uzx.jpg"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8e65a30, ftCreationTime.dwHighDateTime=0x1d9ad36, ftLastAccessTime.dwLowDateTime=0x1a1b5aff, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a1b5aff, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x14c2b)) returned 1 [0224.355] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.356] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\9bAP9Uzx.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\9bap9uzx.jpg"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\9bAP9Uzx.jpg.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\9bap9uzx.jpg.rtcrypted")) returned 1 [0224.358] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.358] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.358] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.359] GetFileType (hFile=0x2cc) returned 0x1 [0224.359] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.359] GetFileType (hFile=0x2cc) returned 0x1 [0224.359] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x50dd [0224.360] WriteFile (in: hFile=0x2cc, lpBuffer=0x214b3d8*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x214b3d8*, lpNumberOfBytesWritten=0x15ecc8*=0x29, lpOverlapped=0x0) returned 1 [0224.360] CloseHandle (hObject=0x2cc) returned 1 [0224.363] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.363] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\XJlr4B62K0xVJsS jZ.jpg", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\XJlr4B62K0xVJsS jZ.jpg", lpFilePart=0x0) returned 0x32 [0224.363] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.364] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\XJlr4B62K0xVJsS jZ.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\xjlr4b62k0xvjss jz.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.364] GetFileType (hFile=0x2cc) returned 0x1 [0224.364] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.364] GetFileType (hFile=0x2cc) returned 0x1 [0224.365] ReadFile (in: hFile=0x2cc, lpBuffer=0x214c948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x214c948*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.365] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.365] WriteFile (in: hFile=0x2cc, lpBuffer=0x214c948*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x214c948*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.366] CloseHandle (hObject=0x2cc) returned 1 [0224.366] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\XJlr4B62K0xVJsS jZ.jpg", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\XJlr4B62K0xVJsS jZ.jpg", lpFilePart=0x0) returned 0x32 [0224.366] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\XJlr4B62K0xVJsS jZ.jpg.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\XJlr4B62K0xVJsS jZ.jpg.rtcrypted", lpFilePart=0x0) returned 0x3c [0224.367] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.367] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\XJlr4B62K0xVJsS jZ.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\xjlr4b62k0xvjss jz.jpg"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x33697f90, ftCreationTime.dwHighDateTime=0x1d9a640, ftLastAccessTime.dwLowDateTime=0x1a1dbe37, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a1dbe37, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x11952)) returned 1 [0224.367] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.367] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\XJlr4B62K0xVJsS jZ.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\xjlr4b62k0xvjss jz.jpg"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\XJlr4B62K0xVJsS jZ.jpg.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\xjlr4b62k0xvjss jz.jpg.rtcrypted")) returned 1 [0224.368] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.368] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.369] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.369] GetFileType (hFile=0x2cc) returned 0x1 [0224.369] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.369] GetFileType (hFile=0x2cc) returned 0x1 [0224.369] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x5106 [0224.370] WriteFile (in: hFile=0x2cc, lpBuffer=0x214f200*, nNumberOfBytesToWrite=0x33, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x214f200*, lpNumberOfBytesWritten=0x15ecc8*=0x33, lpOverlapped=0x0) returned 1 [0224.370] CloseHandle (hObject=0x2cc) returned 1 [0224.371] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.371] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\167VqDu0.png", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\167VqDu0.png", lpFilePart=0x0) returned 0x2f [0224.371] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.372] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\167VqDu0.png" (normalized: "c:\\users\\oqxzraykm\\pictures\\blfnup\\167vqdu0.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.372] GetFileType (hFile=0x2cc) returned 0x1 [0224.372] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.372] GetFileType (hFile=0x2cc) returned 0x1 [0224.372] ReadFile (in: hFile=0x2cc, lpBuffer=0x2150758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2150758*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.374] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.374] WriteFile (in: hFile=0x2cc, lpBuffer=0x2150758*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2150758*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.374] CloseHandle (hObject=0x2cc) returned 1 [0224.375] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\167VqDu0.png", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\167VqDu0.png", lpFilePart=0x0) returned 0x2f [0224.375] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\167VqDu0.png.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\167VqDu0.png.rtcrypted", lpFilePart=0x0) returned 0x39 [0224.375] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.375] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\167VqDu0.png" (normalized: "c:\\users\\oqxzraykm\\pictures\\blfnup\\167vqdu0.png"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69c2c8f0, ftCreationTime.dwHighDateTime=0x1d9a9b8, ftLastAccessTime.dwLowDateTime=0x1a1dbe37, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a1dbe37, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x4b80)) returned 1 [0224.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.375] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\167VqDu0.png" (normalized: "c:\\users\\oqxzraykm\\pictures\\blfnup\\167vqdu0.png"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\167VqDu0.png.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\blfnup\\167vqdu0.png.rtcrypted")) returned 1 [0224.385] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.385] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.385] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.385] GetFileType (hFile=0x2cc) returned 0x1 [0224.386] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.386] GetFileType (hFile=0x2cc) returned 0x1 [0224.386] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x5139 [0224.386] WriteFile (in: hFile=0x2cc, lpBuffer=0x2152ff8*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2152ff8*, lpNumberOfBytesWritten=0x15ecc8*=0x30, lpOverlapped=0x0) returned 1 [0224.387] CloseHandle (hObject=0x2cc) returned 1 [0224.387] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.388] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\3oUk3Xp.bmp", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\3oUk3Xp.bmp", lpFilePart=0x0) returned 0x2e [0224.388] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.388] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\3oUk3Xp.bmp" (normalized: "c:\\users\\oqxzraykm\\pictures\\blfnup\\3ouk3xp.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.389] GetFileType (hFile=0x2cc) returned 0x1 [0224.389] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.389] GetFileType (hFile=0x2cc) returned 0x1 [0224.389] ReadFile (in: hFile=0x2cc, lpBuffer=0x2154548, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2154548*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.391] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.391] WriteFile (in: hFile=0x2cc, lpBuffer=0x2154548*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2154548*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.391] CloseHandle (hObject=0x2cc) returned 1 [0224.391] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\3oUk3Xp.bmp", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\3oUk3Xp.bmp", lpFilePart=0x0) returned 0x2e [0224.440] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\3oUk3Xp.bmp.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\3oUk3Xp.bmp.rtcrypted", lpFilePart=0x0) returned 0x38 [0224.440] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.440] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\3oUk3Xp.bmp" (normalized: "c:\\users\\oqxzraykm\\pictures\\blfnup\\3ouk3xp.bmp"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf51cfb90, ftCreationTime.dwHighDateTime=0x1d9aa3b, ftLastAccessTime.dwLowDateTime=0x1a202214, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a202214, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0xf1ca)) returned 1 [0224.440] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.440] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\3oUk3Xp.bmp" (normalized: "c:\\users\\oqxzraykm\\pictures\\blfnup\\3ouk3xp.bmp"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\3oUk3Xp.bmp.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\blfnup\\3ouk3xp.bmp.rtcrypted")) returned 1 [0224.442] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.442] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.443] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.443] GetFileType (hFile=0x2cc) returned 0x1 [0224.443] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.443] GetFileType (hFile=0x2cc) returned 0x1 [0224.443] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x5169 [0224.444] WriteFile (in: hFile=0x2cc, lpBuffer=0x2156de0*, nNumberOfBytesToWrite=0x2f, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2156de0*, lpNumberOfBytesWritten=0x15ecc8*=0x2f, lpOverlapped=0x0) returned 1 [0224.444] CloseHandle (hObject=0x2cc) returned 1 [0224.445] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.446] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\aXS6vb.jpg", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\aXS6vb.jpg", lpFilePart=0x0) returned 0x2d [0224.446] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.447] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\aXS6vb.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\blfnup\\axs6vb.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.447] GetFileType (hFile=0x2cc) returned 0x1 [0224.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.448] GetFileType (hFile=0x2cc) returned 0x1 [0224.448] ReadFile (in: hFile=0x2cc, lpBuffer=0x2158330, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2158330*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.450] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.450] WriteFile (in: hFile=0x2cc, lpBuffer=0x2158330*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2158330*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.450] CloseHandle (hObject=0x2cc) returned 1 [0224.451] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\aXS6vb.jpg", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\aXS6vb.jpg", lpFilePart=0x0) returned 0x2d [0224.451] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\aXS6vb.jpg.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\aXS6vb.jpg.rtcrypted", lpFilePart=0x0) returned 0x37 [0224.451] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.451] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\aXS6vb.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\blfnup\\axs6vb.jpg"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77b6e7b0, ftCreationTime.dwHighDateTime=0x1d9b2c4, ftLastAccessTime.dwLowDateTime=0x1a29aca4, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a29aca4, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x1765c)) returned 1 [0224.451] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.451] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\aXS6vb.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\blfnup\\axs6vb.jpg"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\aXS6vb.jpg.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\blfnup\\axs6vb.jpg.rtcrypted")) returned 1 [0224.453] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.453] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.454] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.454] GetFileType (hFile=0x2cc) returned 0x1 [0224.454] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.454] GetFileType (hFile=0x2cc) returned 0x1 [0224.455] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x5198 [0224.456] WriteFile (in: hFile=0x2cc, lpBuffer=0x215abb8*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x215abb8*, lpNumberOfBytesWritten=0x15ecc8*=0x2e, lpOverlapped=0x0) returned 1 [0224.456] CloseHandle (hObject=0x2cc) returned 1 [0224.457] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.457] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\BG-3Ru.bmp", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\BG-3Ru.bmp", lpFilePart=0x0) returned 0x2d [0224.458] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.458] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\BG-3Ru.bmp" (normalized: "c:\\users\\oqxzraykm\\pictures\\blfnup\\bg-3ru.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.458] GetFileType (hFile=0x2cc) returned 0x1 [0224.458] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.458] GetFileType (hFile=0x2cc) returned 0x1 [0224.458] ReadFile (in: hFile=0x2cc, lpBuffer=0x215c108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x215c108*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.460] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.460] WriteFile (in: hFile=0x2cc, lpBuffer=0x215c108*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x215c108*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.461] CloseHandle (hObject=0x2cc) returned 1 [0224.461] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\BG-3Ru.bmp", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\BG-3Ru.bmp", lpFilePart=0x0) returned 0x2d [0224.462] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\BG-3Ru.bmp.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\BG-3Ru.bmp.rtcrypted", lpFilePart=0x0) returned 0x37 [0224.462] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.462] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\BG-3Ru.bmp" (normalized: "c:\\users\\oqxzraykm\\pictures\\blfnup\\bg-3ru.bmp"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefb1c4a0, ftCreationTime.dwHighDateTime=0x1d9a528, ftLastAccessTime.dwLowDateTime=0x1a2c0ee9, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a2c0ee9, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0xf734)) returned 1 [0224.462] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.462] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\BG-3Ru.bmp" (normalized: "c:\\users\\oqxzraykm\\pictures\\blfnup\\bg-3ru.bmp"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\BG-3Ru.bmp.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\blfnup\\bg-3ru.bmp.rtcrypted")) returned 1 [0224.464] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.464] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.464] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.464] GetFileType (hFile=0x2cc) returned 0x1 [0224.465] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.465] GetFileType (hFile=0x2cc) returned 0x1 [0224.465] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x51c6 [0224.466] WriteFile (in: hFile=0x2cc, lpBuffer=0x215e990*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x215e990*, lpNumberOfBytesWritten=0x15ecc8*=0x2e, lpOverlapped=0x0) returned 1 [0224.466] CloseHandle (hObject=0x2cc) returned 1 [0224.467] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.467] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\l_tj4.png", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\l_tj4.png", lpFilePart=0x0) returned 0x2c [0224.467] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.468] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\l_tj4.png" (normalized: "c:\\users\\oqxzraykm\\pictures\\blfnup\\l_tj4.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.468] GetFileType (hFile=0x2cc) returned 0x1 [0224.468] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.468] GetFileType (hFile=0x2cc) returned 0x1 [0224.468] ReadFile (in: hFile=0x2cc, lpBuffer=0x215fee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x215fee0*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.491] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.491] WriteFile (in: hFile=0x2cc, lpBuffer=0x215fee0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x215fee0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.492] CloseHandle (hObject=0x2cc) returned 1 [0224.492] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\l_tj4.png", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\l_tj4.png", lpFilePart=0x0) returned 0x2c [0224.492] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\l_tj4.png.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\l_tj4.png.rtcrypted", lpFilePart=0x0) returned 0x36 [0224.492] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.492] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\l_tj4.png" (normalized: "c:\\users\\oqxzraykm\\pictures\\blfnup\\l_tj4.png"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1c2f3150, ftCreationTime.dwHighDateTime=0x1d9a882, ftLastAccessTime.dwLowDateTime=0x1a30d26e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a30d26e, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x858e)) returned 1 [0224.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.493] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\l_tj4.png" (normalized: "c:\\users\\oqxzraykm\\pictures\\blfnup\\l_tj4.png"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\l_tj4.png.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\blfnup\\l_tj4.png.rtcrypted")) returned 1 [0224.494] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.494] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.495] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.495] GetFileType (hFile=0x2cc) returned 0x1 [0224.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.495] GetFileType (hFile=0x2cc) returned 0x1 [0224.495] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x51f4 [0224.496] WriteFile (in: hFile=0x2cc, lpBuffer=0x2162750*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2162750*, lpNumberOfBytesWritten=0x15ecc8*=0x2d, lpOverlapped=0x0) returned 1 [0224.496] CloseHandle (hObject=0x2cc) returned 1 [0224.497] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.498] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\6zSAXoBMshJ arRcZrD.png", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\6zSAXoBMshJ arRcZrD.png", lpFilePart=0x0) returned 0x46 [0224.498] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.498] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\6zSAXoBMshJ arRcZrD.png" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\6zsaxobmshj arrczrd.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.499] GetFileType (hFile=0x2cc) returned 0x1 [0224.499] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.499] GetFileType (hFile=0x2cc) returned 0x1 [0224.499] ReadFile (in: hFile=0x2cc, lpBuffer=0x2163d00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2163d00*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.552] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.552] WriteFile (in: hFile=0x2cc, lpBuffer=0x2163d00*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2163d00*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.552] CloseHandle (hObject=0x2cc) returned 1 [0224.553] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\6zSAXoBMshJ arRcZrD.png", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\6zSAXoBMshJ arRcZrD.png", lpFilePart=0x0) returned 0x46 [0224.553] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\6zSAXoBMshJ arRcZrD.png.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\6zSAXoBMshJ arRcZrD.png.rtcrypted", lpFilePart=0x0) returned 0x50 [0224.553] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.553] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\6zSAXoBMshJ arRcZrD.png" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\6zsaxobmshj arrczrd.png"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4a199b0, ftCreationTime.dwHighDateTime=0x1d9a60c, ftLastAccessTime.dwLowDateTime=0x1a3a5ca6, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a3a5ca6, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x13e1d)) returned 1 [0224.553] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.553] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\6zSAXoBMshJ arRcZrD.png" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\6zsaxobmshj arrczrd.png"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\6zSAXoBMshJ arRcZrD.png.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\6zsaxobmshj arrczrd.png.rtcrypted")) returned 1 [0224.555] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.555] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.556] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.556] GetFileType (hFile=0x2cc) returned 0x1 [0224.556] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.556] GetFileType (hFile=0x2cc) returned 0x1 [0224.556] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x5221 [0224.557] WriteFile (in: hFile=0x2cc, lpBuffer=0x2166640*, nNumberOfBytesToWrite=0x47, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2166640*, lpNumberOfBytesWritten=0x15ecc8*=0x47, lpOverlapped=0x0) returned 1 [0224.557] CloseHandle (hObject=0x2cc) returned 1 [0224.558] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.559] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\bxOJ-KchVEH.jpg", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\bxOJ-KchVEH.jpg", lpFilePart=0x0) returned 0x3e [0224.559] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.559] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\bxOJ-KchVEH.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\bxoj-kchveh.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.560] GetFileType (hFile=0x2cc) returned 0x1 [0224.560] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.560] GetFileType (hFile=0x2cc) returned 0x1 [0224.560] ReadFile (in: hFile=0x2cc, lpBuffer=0x2167bd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2167bd0*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.562] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.562] WriteFile (in: hFile=0x2cc, lpBuffer=0x2167bd0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2167bd0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.563] CloseHandle (hObject=0x2cc) returned 1 [0224.563] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\bxOJ-KchVEH.jpg", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\bxOJ-KchVEH.jpg", lpFilePart=0x0) returned 0x3e [0224.563] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\bxOJ-KchVEH.jpg.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\bxOJ-KchVEH.jpg.rtcrypted", lpFilePart=0x0) returned 0x48 [0224.563] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.563] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\bxOJ-KchVEH.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\bxoj-kchveh.jpg"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb841320, ftCreationTime.dwHighDateTime=0x1d9af58, ftLastAccessTime.dwLowDateTime=0x1a3a5ca6, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a3a5ca6, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x11d0c)) returned 1 [0224.563] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.563] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\bxOJ-KchVEH.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\bxoj-kchveh.jpg"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\bxOJ-KchVEH.jpg.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\bxoj-kchveh.jpg.rtcrypted")) returned 1 [0224.566] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.566] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.566] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.567] GetFileType (hFile=0x2cc) returned 0x1 [0224.567] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.567] GetFileType (hFile=0x2cc) returned 0x1 [0224.567] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x5268 [0224.568] WriteFile (in: hFile=0x2cc, lpBuffer=0x216a4d0*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x216a4d0*, lpNumberOfBytesWritten=0x15ecc8*=0x3f, lpOverlapped=0x0) returned 1 [0224.568] CloseHandle (hObject=0x2cc) returned 1 [0224.569] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.569] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\I-byl6.bmp", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\I-byl6.bmp", lpFilePart=0x0) returned 0x39 [0224.570] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.570] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\I-byl6.bmp" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\i-byl6.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.571] GetFileType (hFile=0x2cc) returned 0x1 [0224.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.571] GetFileType (hFile=0x2cc) returned 0x1 [0224.571] ReadFile (in: hFile=0x2cc, lpBuffer=0x216ba50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x216ba50*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.573] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.573] WriteFile (in: hFile=0x2cc, lpBuffer=0x216ba50*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x216ba50*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.573] CloseHandle (hObject=0x2cc) returned 1 [0224.574] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\I-byl6.bmp", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\I-byl6.bmp", lpFilePart=0x0) returned 0x39 [0224.574] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\I-byl6.bmp.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\I-byl6.bmp.rtcrypted", lpFilePart=0x0) returned 0x43 [0224.574] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.574] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\I-byl6.bmp" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\i-byl6.bmp"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe9bac30, ftCreationTime.dwHighDateTime=0x1d9af80, ftLastAccessTime.dwLowDateTime=0x1a3cc1db, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a3cc1db, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x18a6f)) returned 1 [0224.574] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.574] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\I-byl6.bmp" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\i-byl6.bmp"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\I-byl6.bmp.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\i-byl6.bmp.rtcrypted")) returned 1 [0224.576] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.576] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.576] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.577] GetFileType (hFile=0x2cc) returned 0x1 [0224.577] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.577] GetFileType (hFile=0x2cc) returned 0x1 [0224.577] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x52a7 [0224.578] WriteFile (in: hFile=0x2cc, lpBuffer=0x216e320*, nNumberOfBytesToWrite=0x3a, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x216e320*, lpNumberOfBytesWritten=0x15ecc8*=0x3a, lpOverlapped=0x0) returned 1 [0224.578] CloseHandle (hObject=0x2cc) returned 1 [0224.580] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.581] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\QCPL9rrlRNtbF01 0.bmp", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\QCPL9rrlRNtbF01 0.bmp", lpFilePart=0x0) returned 0x44 [0224.581] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.581] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\QCPL9rrlRNtbF01 0.bmp" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\qcpl9rrlrntbf01 0.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.581] GetFileType (hFile=0x2cc) returned 0x1 [0224.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.582] GetFileType (hFile=0x2cc) returned 0x1 [0224.582] ReadFile (in: hFile=0x2cc, lpBuffer=0x216f8d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x216f8d0*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.585] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.585] WriteFile (in: hFile=0x2cc, lpBuffer=0x216f8d0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x216f8d0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.585] CloseHandle (hObject=0x2cc) returned 1 [0224.586] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\QCPL9rrlRNtbF01 0.bmp", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\QCPL9rrlRNtbF01 0.bmp", lpFilePart=0x0) returned 0x44 [0224.586] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\QCPL9rrlRNtbF01 0.bmp.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\QCPL9rrlRNtbF01 0.bmp.rtcrypted", lpFilePart=0x0) returned 0x4e [0224.586] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.586] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\QCPL9rrlRNtbF01 0.bmp" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\qcpl9rrlrntbf01 0.bmp"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x704c74e0, ftCreationTime.dwHighDateTime=0x1d9aabd, ftLastAccessTime.dwLowDateTime=0x1a3f252a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a3f252a, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x755a)) returned 1 [0224.586] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.586] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\QCPL9rrlRNtbF01 0.bmp" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\qcpl9rrlrntbf01 0.bmp"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\QCPL9rrlRNtbF01 0.bmp.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\qcpl9rrlrntbf01 0.bmp.rtcrypted")) returned 1 [0224.588] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.588] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.588] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.589] GetFileType (hFile=0x2cc) returned 0x1 [0224.589] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.589] GetFileType (hFile=0x2cc) returned 0x1 [0224.589] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x52e1 [0224.589] WriteFile (in: hFile=0x2cc, lpBuffer=0x2172200*, nNumberOfBytesToWrite=0x45, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2172200*, lpNumberOfBytesWritten=0x15ecc8*=0x45, lpOverlapped=0x0) returned 1 [0224.590] CloseHandle (hObject=0x2cc) returned 1 [0224.591] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.591] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\s6LOWfDyf84Fy2ur3.jpg", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\s6LOWfDyf84Fy2ur3.jpg", lpFilePart=0x0) returned 0x44 [0224.591] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.592] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\s6LOWfDyf84Fy2ur3.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\s6lowfdyf84fy2ur3.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.592] GetFileType (hFile=0x2cc) returned 0x1 [0224.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.592] GetFileType (hFile=0x2cc) returned 0x1 [0224.593] ReadFile (in: hFile=0x2cc, lpBuffer=0x21737b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21737b0*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.595] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.595] WriteFile (in: hFile=0x2cc, lpBuffer=0x21737b0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21737b0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.691] CloseHandle (hObject=0x2cc) returned 1 [0224.691] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\s6LOWfDyf84Fy2ur3.jpg", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\s6LOWfDyf84Fy2ur3.jpg", lpFilePart=0x0) returned 0x44 [0224.691] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\s6LOWfDyf84Fy2ur3.jpg.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\s6LOWfDyf84Fy2ur3.jpg.rtcrypted", lpFilePart=0x0) returned 0x4e [0224.691] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.691] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\s6LOWfDyf84Fy2ur3.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\s6lowfdyf84fy2ur3.jpg"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ab51fa0, ftCreationTime.dwHighDateTime=0x1d9b1f2, ftLastAccessTime.dwLowDateTime=0x1a3f252a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a3f252a, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x16d10)) returned 1 [0224.692] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.692] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\s6LOWfDyf84Fy2ur3.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\s6lowfdyf84fy2ur3.jpg"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\s6LOWfDyf84Fy2ur3.jpg.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\s6lowfdyf84fy2ur3.jpg.rtcrypted")) returned 1 [0224.695] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.695] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.695] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.695] GetFileType (hFile=0x2cc) returned 0x1 [0224.695] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.696] GetFileType (hFile=0x2cc) returned 0x1 [0224.696] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x5326 [0224.696] WriteFile (in: hFile=0x2cc, lpBuffer=0x21b1360*, nNumberOfBytesToWrite=0x45, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21b1360*, lpNumberOfBytesWritten=0x15ecc8*=0x45, lpOverlapped=0x0) returned 1 [0224.696] CloseHandle (hObject=0x2cc) returned 1 [0224.698] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.698] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\40MOvGfppj4bDSgoaCIa.png", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\40MOvGfppj4bDSgoaCIa.png", lpFilePart=0x0) returned 0x52 [0224.698] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.699] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\40MOvGfppj4bDSgoaCIa.png" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\40movgfppj4bdsgoacia.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.699] GetFileType (hFile=0x2cc) returned 0x1 [0224.699] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.699] GetFileType (hFile=0x2cc) returned 0x1 [0224.699] ReadFile (in: hFile=0x2cc, lpBuffer=0x21b2918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21b2918*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.701] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.701] WriteFile (in: hFile=0x2cc, lpBuffer=0x21b2918*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21b2918*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.701] CloseHandle (hObject=0x2cc) returned 1 [0224.702] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\40MOvGfppj4bDSgoaCIa.png", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\40MOvGfppj4bDSgoaCIa.png", lpFilePart=0x0) returned 0x52 [0224.702] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\40MOvGfppj4bDSgoaCIa.png.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\40MOvGfppj4bDSgoaCIa.png.rtcrypted", lpFilePart=0x0) returned 0x5c [0224.702] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.702] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\40MOvGfppj4bDSgoaCIa.png" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\40movgfppj4bdsgoacia.png"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98272360, ftCreationTime.dwHighDateTime=0x1d9b2ca, ftLastAccessTime.dwLowDateTime=0x1a4ff3d7, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a4ff3d7, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x15d86)) returned 1 [0224.702] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.702] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\40MOvGfppj4bDSgoaCIa.png" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\40movgfppj4bdsgoacia.png"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\40MOvGfppj4bDSgoaCIa.png.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\40movgfppj4bdsgoacia.png.rtcrypted")) returned 1 [0224.705] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.705] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.705] GetFileType (hFile=0x2cc) returned 0x1 [0224.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.705] GetFileType (hFile=0x2cc) returned 0x1 [0224.706] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x536b [0224.706] WriteFile (in: hFile=0x2cc, lpBuffer=0x21b52d0*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21b52d0*, lpNumberOfBytesWritten=0x15ecc8*=0x53, lpOverlapped=0x0) returned 1 [0224.706] CloseHandle (hObject=0x2cc) returned 1 [0224.707] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.708] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\ouGe8u.jpg", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\ouGe8u.jpg", lpFilePart=0x0) returned 0x44 [0224.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.708] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\ouGe8u.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ouge8u.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.709] GetFileType (hFile=0x2cc) returned 0x1 [0224.709] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.709] GetFileType (hFile=0x2cc) returned 0x1 [0224.709] ReadFile (in: hFile=0x2cc, lpBuffer=0x21b6850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21b6850*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.711] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.711] WriteFile (in: hFile=0x2cc, lpBuffer=0x21b6850*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21b6850*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.712] CloseHandle (hObject=0x2cc) returned 1 [0224.712] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\ouGe8u.jpg", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\ouGe8u.jpg", lpFilePart=0x0) returned 0x44 [0224.712] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\ouGe8u.jpg.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\ouGe8u.jpg.rtcrypted", lpFilePart=0x0) returned 0x4e [0224.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.712] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\ouGe8u.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ouge8u.jpg"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ac3afb0, ftCreationTime.dwHighDateTime=0x1d9a8aa, ftLastAccessTime.dwLowDateTime=0x1a523566, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a523566, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x1cb3)) returned 1 [0224.713] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.713] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\ouGe8u.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ouge8u.jpg"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\ouGe8u.jpg.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ouge8u.jpg.rtcrypted")) returned 1 [0224.714] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.714] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.715] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.715] GetFileType (hFile=0x2cc) returned 0x1 [0224.715] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.715] GetFileType (hFile=0x2cc) returned 0x1 [0224.715] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x53be [0224.716] WriteFile (in: hFile=0x2cc, lpBuffer=0x21b9198*, nNumberOfBytesToWrite=0x45, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21b9198*, lpNumberOfBytesWritten=0x15ecc8*=0x45, lpOverlapped=0x0) returned 1 [0224.716] CloseHandle (hObject=0x2cc) returned 1 [0224.717] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.718] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\qs6pMlaa5Rs-Y.png", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\qs6pMlaa5Rs-Y.png", lpFilePart=0x0) returned 0x4b [0224.718] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.718] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\qs6pMlaa5Rs-Y.png" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\qs6pmlaa5rs-y.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.718] GetFileType (hFile=0x2cc) returned 0x1 [0224.719] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.719] GetFileType (hFile=0x2cc) returned 0x1 [0224.719] ReadFile (in: hFile=0x2cc, lpBuffer=0x21ba730, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21ba730*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.723] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.723] WriteFile (in: hFile=0x2cc, lpBuffer=0x21ba730*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21ba730*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.723] CloseHandle (hObject=0x2cc) returned 1 [0224.724] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\qs6pMlaa5Rs-Y.png", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\qs6pMlaa5Rs-Y.png", lpFilePart=0x0) returned 0x4b [0224.724] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\qs6pMlaa5Rs-Y.png.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\qs6pMlaa5Rs-Y.png.rtcrypted", lpFilePart=0x0) returned 0x55 [0224.724] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.724] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\qs6pMlaa5Rs-Y.png" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\qs6pmlaa5rs-y.png"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a740460, ftCreationTime.dwHighDateTime=0x1d9a55b, ftLastAccessTime.dwLowDateTime=0x1a549778, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a549778, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x13db9)) returned 1 [0224.725] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.725] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\qs6pMlaa5Rs-Y.png" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\qs6pmlaa5rs-y.png"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\qs6pMlaa5Rs-Y.png.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\qs6pmlaa5rs-y.png.rtcrypted")) returned 1 [0224.726] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.726] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.727] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.727] GetFileType (hFile=0x2cc) returned 0x1 [0224.727] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.727] GetFileType (hFile=0x2cc) returned 0x1 [0224.727] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x5403 [0224.728] WriteFile (in: hFile=0x2cc, lpBuffer=0x21bd0b0*, nNumberOfBytesToWrite=0x4c, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21bd0b0*, lpNumberOfBytesWritten=0x15ecc8*=0x4c, lpOverlapped=0x0) returned 1 [0224.728] CloseHandle (hObject=0x2cc) returned 1 [0224.729] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.729] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\s2-K8n6SGy6b44.png", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\s2-K8n6SGy6b44.png", lpFilePart=0x0) returned 0x4c [0224.730] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.730] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\s2-K8n6SGy6b44.png" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\s2-k8n6sgy6b44.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.730] GetFileType (hFile=0x2cc) returned 0x1 [0224.730] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.730] GetFileType (hFile=0x2cc) returned 0x1 [0224.731] ReadFile (in: hFile=0x2cc, lpBuffer=0x21be650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21be650*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.733] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.733] WriteFile (in: hFile=0x2cc, lpBuffer=0x21be650*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21be650*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.734] CloseHandle (hObject=0x2cc) returned 1 [0224.734] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\s2-K8n6SGy6b44.png", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\s2-K8n6SGy6b44.png", lpFilePart=0x0) returned 0x4c [0224.734] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\s2-K8n6SGy6b44.png.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\s2-K8n6SGy6b44.png.rtcrypted", lpFilePart=0x0) returned 0x56 [0224.734] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.734] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\s2-K8n6SGy6b44.png" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\s2-k8n6sgy6b44.png"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x161b5af0, ftCreationTime.dwHighDateTime=0x1d9af7b, ftLastAccessTime.dwLowDateTime=0x1a549778, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a549778, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x16e69)) returned 1 [0224.734] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.815] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\s2-K8n6SGy6b44.png" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\s2-k8n6sgy6b44.png"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\s2-K8n6SGy6b44.png.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\s2-k8n6sgy6b44.png.rtcrypted")) returned 1 [0224.817] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.817] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.817] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.818] GetFileType (hFile=0x2cc) returned 0x1 [0224.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.818] GetFileType (hFile=0x2cc) returned 0x1 [0224.818] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x544f [0224.819] WriteFile (in: hFile=0x2cc, lpBuffer=0x21c5eb0*, nNumberOfBytesToWrite=0x4d, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21c5eb0*, lpNumberOfBytesWritten=0x15ecc8*=0x4d, lpOverlapped=0x0) returned 1 [0224.819] CloseHandle (hObject=0x2cc) returned 1 [0224.820] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.820] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\u7sDs2LZ.jpg", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\u7sDs2LZ.jpg", lpFilePart=0x0) returned 0x46 [0224.820] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.821] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\u7sDs2LZ.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\u7sds2lz.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.821] GetFileType (hFile=0x2cc) returned 0x1 [0224.821] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.821] GetFileType (hFile=0x2cc) returned 0x1 [0224.822] ReadFile (in: hFile=0x2cc, lpBuffer=0x21c7450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21c7450*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.824] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.824] WriteFile (in: hFile=0x2cc, lpBuffer=0x21c7450*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21c7450*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.824] CloseHandle (hObject=0x2cc) returned 1 [0224.824] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\u7sDs2LZ.jpg", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\u7sDs2LZ.jpg", lpFilePart=0x0) returned 0x46 [0224.825] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\u7sDs2LZ.jpg.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\u7sDs2LZ.jpg.rtcrypted", lpFilePart=0x0) returned 0x50 [0224.825] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.825] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\u7sDs2LZ.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\u7sds2lz.jpg"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa86dede0, ftCreationTime.dwHighDateTime=0x1d9b1d4, ftLastAccessTime.dwLowDateTime=0x1a62e6d0, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a62e6d0, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0xeb8f)) returned 1 [0224.825] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.825] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\u7sDs2LZ.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\u7sds2lz.jpg"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\u7sDs2LZ.jpg.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\u7sds2lz.jpg.rtcrypted")) returned 1 [0224.827] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.827] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.827] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.827] GetFileType (hFile=0x2cc) returned 0x1 [0224.828] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.828] GetFileType (hFile=0x2cc) returned 0x1 [0224.828] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x549c [0224.828] WriteFile (in: hFile=0x2cc, lpBuffer=0x21c9d90*, nNumberOfBytesToWrite=0x47, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21c9d90*, lpNumberOfBytesWritten=0x15ecc8*=0x47, lpOverlapped=0x0) returned 1 [0224.832] CloseHandle (hObject=0x2cc) returned 1 [0224.833] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.833] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\3mZ1.png", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\3mZ1.png", lpFilePart=0x0) returned 0x4c [0224.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.834] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\3mZ1.png" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\3mz1.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.834] GetFileType (hFile=0x2cc) returned 0x1 [0224.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.834] GetFileType (hFile=0x2cc) returned 0x1 [0224.835] ReadFile (in: hFile=0x2cc, lpBuffer=0x21cb338, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21cb338*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.835] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.835] WriteFile (in: hFile=0x2cc, lpBuffer=0x21cb338*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21cb338*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.835] CloseHandle (hObject=0x2cc) returned 1 [0224.836] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\3mZ1.png", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\3mZ1.png", lpFilePart=0x0) returned 0x4c [0224.836] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\3mZ1.png.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\3mZ1.png.rtcrypted", lpFilePart=0x0) returned 0x56 [0224.836] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.836] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\3mZ1.png" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\3mz1.png"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f1235b0, ftCreationTime.dwHighDateTime=0x1d9b409, ftLastAccessTime.dwLowDateTime=0x1a65486c, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a65486c, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0xea9f)) returned 1 [0224.836] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.836] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\3mZ1.png" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\3mz1.png"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\3mZ1.png.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\3mz1.png.rtcrypted")) returned 1 [0224.838] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.838] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.839] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.839] GetFileType (hFile=0x2cc) returned 0x1 [0224.839] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.839] GetFileType (hFile=0x2cc) returned 0x1 [0224.839] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x54e3 [0224.840] WriteFile (in: hFile=0x2cc, lpBuffer=0x21cdca8*, nNumberOfBytesToWrite=0x4d, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21cdca8*, lpNumberOfBytesWritten=0x15ecc8*=0x4d, lpOverlapped=0x0) returned 1 [0224.840] CloseHandle (hObject=0x2cc) returned 1 [0224.841] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.842] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\4JVJiWmKgWLlh.jpg", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\4JVJiWmKgWLlh.jpg", lpFilePart=0x0) returned 0x55 [0224.842] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.842] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\4JVJiWmKgWLlh.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\4jvjiwmkgwllh.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.843] GetFileType (hFile=0x2cc) returned 0x1 [0224.843] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.843] GetFileType (hFile=0x2cc) returned 0x1 [0224.843] ReadFile (in: hFile=0x2cc, lpBuffer=0x21cf270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21cf270*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.844] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.844] WriteFile (in: hFile=0x2cc, lpBuffer=0x21cf270*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21cf270*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.844] CloseHandle (hObject=0x2cc) returned 1 [0224.844] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\4JVJiWmKgWLlh.jpg", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\4JVJiWmKgWLlh.jpg", lpFilePart=0x0) returned 0x55 [0224.844] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\4JVJiWmKgWLlh.jpg.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\4JVJiWmKgWLlh.jpg.rtcrypted", lpFilePart=0x0) returned 0x5f [0224.845] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.845] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\4JVJiWmKgWLlh.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\4jvjiwmkgwllh.jpg"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecb6e10, ftCreationTime.dwHighDateTime=0x1d9a6fd, ftLastAccessTime.dwLowDateTime=0x1a65486c, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a65486c, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x9f4e)) returned 1 [0224.846] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.846] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\4JVJiWmKgWLlh.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\4jvjiwmkgwllh.jpg"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\4JVJiWmKgWLlh.jpg.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\4jvjiwmkgwllh.jpg.rtcrypted")) returned 1 [0224.848] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.848] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.848] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.849] GetFileType (hFile=0x2cc) returned 0x1 [0224.849] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.849] GetFileType (hFile=0x2cc) returned 0x1 [0224.849] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x5530 [0224.849] WriteFile (in: hFile=0x2cc, lpBuffer=0x21d1c20*, nNumberOfBytesToWrite=0x56, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21d1c20*, lpNumberOfBytesWritten=0x15ecc8*=0x56, lpOverlapped=0x0) returned 1 [0224.850] CloseHandle (hObject=0x2cc) returned 1 [0224.851] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.851] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\ikU4Z6NJTIS4CI7XUt.png", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\ikU4Z6NJTIS4CI7XUt.png", lpFilePart=0x0) returned 0x5a [0224.851] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0224.852] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\ikU4Z6NJTIS4CI7XUt.png" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\iku4z6njtis4ci7xut.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0224.852] GetFileType (hFile=0x2cc) returned 0x1 [0224.852] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0224.852] GetFileType (hFile=0x2cc) returned 0x1 [0224.853] ReadFile (in: hFile=0x2cc, lpBuffer=0x21d31f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21d31f8*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0224.853] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0224.853] WriteFile (in: hFile=0x2cc, lpBuffer=0x21d31f8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21d31f8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0224.854] CloseHandle (hObject=0x2cc) returned 1 [0224.854] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\ikU4Z6NJTIS4CI7XUt.png", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\ikU4Z6NJTIS4CI7XUt.png", lpFilePart=0x0) returned 0x5a [0224.854] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\ikU4Z6NJTIS4CI7XUt.png.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\ikU4Z6NJTIS4CI7XUt.png.rtcrypted", lpFilePart=0x0) returned 0x64 [0224.854] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0224.854] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\ikU4Z6NJTIS4CI7XUt.png" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\iku4z6njtis4ci7xut.png"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x113555d0, ftCreationTime.dwHighDateTime=0x1d9a784, ftLastAccessTime.dwLowDateTime=0x1a67ab5d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a67ab5d, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x18f9f)) returned 1 [0224.854] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0224.855] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\ikU4Z6NJTIS4CI7XUt.png" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\iku4z6njtis4ci7xut.png"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\ikU4Z6NJTIS4CI7XUt.png.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\iku4z6njtis4ci7xut.png.rtcrypted")) returned 1 [0224.857] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0224.857] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0224.857] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0224.857] GetFileType (hFile=0x2cc) returned 0x1 [0224.857] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0224.858] GetFileType (hFile=0x2cc) returned 0x1 [0224.858] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x5586 [0224.858] WriteFile (in: hFile=0x2cc, lpBuffer=0x21d5bd8*, nNumberOfBytesToWrite=0x5b, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21d5bd8*, lpNumberOfBytesWritten=0x15ecc8*=0x5b, lpOverlapped=0x0) returned 1 [0224.859] CloseHandle (hObject=0x2cc) returned 1 [0224.860] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0224.860] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\Wy7xkGTjTM8mqiSz.jpg", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\Wy7xkGTjTM8mqiSz.jpg", lpFilePart=0x0) returned 0x58 [0224.860] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0225.027] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\Wy7xkGTjTM8mqiSz.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\wy7xkgtjtm8mqisz.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0225.028] GetFileType (hFile=0x2cc) returned 0x1 [0225.028] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0225.028] GetFileType (hFile=0x2cc) returned 0x1 [0225.029] ReadFile (in: hFile=0x2cc, lpBuffer=0x21d71b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21d71b0*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0225.029] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0225.029] WriteFile (in: hFile=0x2cc, lpBuffer=0x21d71b0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21d71b0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0225.030] CloseHandle (hObject=0x2cc) returned 1 [0225.030] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\Wy7xkGTjTM8mqiSz.jpg", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\Wy7xkGTjTM8mqiSz.jpg", lpFilePart=0x0) returned 0x58 [0225.030] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\Wy7xkGTjTM8mqiSz.jpg.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\Wy7xkGTjTM8mqiSz.jpg.rtcrypted", lpFilePart=0x0) returned 0x62 [0225.030] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0225.030] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\Wy7xkGTjTM8mqiSz.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\wy7xkgtjtm8mqisz.jpg"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c20bcd0, ftCreationTime.dwHighDateTime=0x1d9adb4, ftLastAccessTime.dwLowDateTime=0x1a81e51d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a81e51d, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0xfc04)) returned 1 [0225.030] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0225.031] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\Wy7xkGTjTM8mqiSz.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\wy7xkgtjtm8mqisz.jpg"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\Wy7xkGTjTM8mqiSz.jpg.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\wy7xkgtjtm8mqisz.jpg.rtcrypted")) returned 1 [0225.034] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0225.034] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0225.034] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0225.035] GetFileType (hFile=0x2cc) returned 0x1 [0225.035] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0225.035] GetFileType (hFile=0x2cc) returned 0x1 [0225.036] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x55e1 [0225.036] WriteFile (in: hFile=0x2cc, lpBuffer=0x21d9b80*, nNumberOfBytesToWrite=0x59, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21d9b80*, lpNumberOfBytesWritten=0x15ecc8*=0x59, lpOverlapped=0x0) returned 1 [0225.037] CloseHandle (hObject=0x2cc) returned 1 [0225.038] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0225.039] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\_BTL8MHlXibeA v6.jpg", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\_BTL8MHlXibeA v6.jpg", lpFilePart=0x0) returned 0x58 [0225.039] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0225.039] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\_BTL8MHlXibeA v6.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\_btl8mhlxibea v6.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0225.039] GetFileType (hFile=0x2cc) returned 0x1 [0225.039] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0225.040] GetFileType (hFile=0x2cc) returned 0x1 [0225.040] ReadFile (in: hFile=0x2cc, lpBuffer=0x21db158, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21db158*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0225.040] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0225.041] WriteFile (in: hFile=0x2cc, lpBuffer=0x21db158*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21db158*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0225.041] CloseHandle (hObject=0x2cc) returned 1 [0225.041] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\_BTL8MHlXibeA v6.jpg", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\_BTL8MHlXibeA v6.jpg", lpFilePart=0x0) returned 0x58 [0225.041] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\_BTL8MHlXibeA v6.jpg.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\_BTL8MHlXibeA v6.jpg.rtcrypted", lpFilePart=0x0) returned 0x62 [0225.041] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0225.041] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\_BTL8MHlXibeA v6.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\_btl8mhlxibea v6.jpg"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdcb97610, ftCreationTime.dwHighDateTime=0x1d9ad6e, ftLastAccessTime.dwLowDateTime=0x1a8449dd, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a8449dd, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x141bf)) returned 1 [0225.042] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0225.042] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\_BTL8MHlXibeA v6.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\_btl8mhlxibea v6.jpg"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\_BTL8MHlXibeA v6.jpg.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\_btl8mhlxibea v6.jpg.rtcrypted")) returned 1 [0225.043] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0225.043] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0225.044] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0225.044] GetFileType (hFile=0x2cc) returned 0x1 [0225.044] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0225.044] GetFileType (hFile=0x2cc) returned 0x1 [0225.044] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x563a [0225.045] WriteFile (in: hFile=0x2cc, lpBuffer=0x21ddb28*, nNumberOfBytesToWrite=0x59, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21ddb28*, lpNumberOfBytesWritten=0x15ecc8*=0x59, lpOverlapped=0x0) returned 1 [0225.045] CloseHandle (hObject=0x2cc) returned 1 [0225.046] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0225.047] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\CNhSRq_988nVmcAoKs I.bmp", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\CNhSRq_988nVmcAoKs I.bmp", lpFilePart=0x0) returned 0x6f [0225.047] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0225.047] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\CNhSRq_988nVmcAoKs I.bmp" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\j7kz7axvykxh-wwygi\\cnhsrq_988nvmcaoks i.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0225.047] GetFileType (hFile=0x2cc) returned 0x1 [0225.048] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0225.048] GetFileType (hFile=0x2cc) returned 0x1 [0225.048] ReadFile (in: hFile=0x2cc, lpBuffer=0x21df130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21df130*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0225.048] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0225.049] WriteFile (in: hFile=0x2cc, lpBuffer=0x21df130*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21df130*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0225.049] CloseHandle (hObject=0x2cc) returned 1 [0225.049] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\CNhSRq_988nVmcAoKs I.bmp", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\CNhSRq_988nVmcAoKs I.bmp", lpFilePart=0x0) returned 0x6f [0225.049] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\CNhSRq_988nVmcAoKs I.bmp.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\CNhSRq_988nVmcAoKs I.bmp.rtcrypted", lpFilePart=0x0) returned 0x79 [0225.049] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0225.050] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\CNhSRq_988nVmcAoKs I.bmp" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\j7kz7axvykxh-wwygi\\cnhsrq_988nvmcaoks i.bmp"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c582090, ftCreationTime.dwHighDateTime=0x1d9a74b, ftLastAccessTime.dwLowDateTime=0x1a8449dd, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a8449dd, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x122c5)) returned 1 [0225.050] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0225.050] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\CNhSRq_988nVmcAoKs I.bmp" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\j7kz7axvykxh-wwygi\\cnhsrq_988nvmcaoks i.bmp"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\CNhSRq_988nVmcAoKs I.bmp.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\j7kz7axvykxh-wwygi\\cnhsrq_988nvmcaoks i.bmp.rtcrypted")) returned 1 [0225.053] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0225.053] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0225.054] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0225.054] GetFileType (hFile=0x2cc) returned 0x1 [0225.054] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0225.054] GetFileType (hFile=0x2cc) returned 0x1 [0225.054] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x5693 [0225.055] WriteFile (in: hFile=0x2cc, lpBuffer=0x21e1bb8*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21e1bb8*, lpNumberOfBytesWritten=0x15ecc8*=0x70, lpOverlapped=0x0) returned 1 [0225.055] CloseHandle (hObject=0x2cc) returned 1 [0225.056] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0225.057] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\goujVTDJ1s18.jpg", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\goujVTDJ1s18.jpg", lpFilePart=0x0) returned 0x67 [0225.057] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0225.057] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\goujVTDJ1s18.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\j7kz7axvykxh-wwygi\\goujvtdj1s18.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0225.057] GetFileType (hFile=0x2cc) returned 0x1 [0225.057] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0225.057] GetFileType (hFile=0x2cc) returned 0x1 [0225.058] ReadFile (in: hFile=0x2cc, lpBuffer=0x21e31a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21e31a0*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0225.058] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0225.058] WriteFile (in: hFile=0x2cc, lpBuffer=0x21e31a0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21e31a0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0225.059] CloseHandle (hObject=0x2cc) returned 1 [0225.059] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\goujVTDJ1s18.jpg", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\goujVTDJ1s18.jpg", lpFilePart=0x0) returned 0x67 [0225.059] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\goujVTDJ1s18.jpg.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\goujVTDJ1s18.jpg.rtcrypted", lpFilePart=0x0) returned 0x71 [0225.059] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0225.059] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\goujVTDJ1s18.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\j7kz7axvykxh-wwygi\\goujvtdj1s18.jpg"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe7143dc0, ftCreationTime.dwHighDateTime=0x1d9adf0, ftLastAccessTime.dwLowDateTime=0x1a874598, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a874598, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x6be1)) returned 1 [0225.059] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0225.060] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\goujVTDJ1s18.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\j7kz7axvykxh-wwygi\\goujvtdj1s18.jpg"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\goujVTDJ1s18.jpg.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\j7kz7axvykxh-wwygi\\goujvtdj1s18.jpg.rtcrypted")) returned 1 [0225.061] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0225.061] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0225.062] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0225.062] GetFileType (hFile=0x2cc) returned 0x1 [0225.062] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0225.062] GetFileType (hFile=0x2cc) returned 0x1 [0225.062] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x5703 [0225.063] WriteFile (in: hFile=0x2cc, lpBuffer=0x21e5be8*, nNumberOfBytesToWrite=0x68, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21e5be8*, lpNumberOfBytesWritten=0x15ecc8*=0x68, lpOverlapped=0x0) returned 1 [0225.063] CloseHandle (hObject=0x2cc) returned 1 [0225.133] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0225.134] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\JxmR6v_b0d1c1TOkKn.jpg", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\JxmR6v_b0d1c1TOkKn.jpg", lpFilePart=0x0) returned 0x6d [0225.135] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0225.135] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\JxmR6v_b0d1c1TOkKn.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\j7kz7axvykxh-wwygi\\jxmr6v_b0d1c1tokkn.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0225.136] GetFileType (hFile=0x2cc) returned 0x1 [0225.136] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0225.136] GetFileType (hFile=0x2cc) returned 0x1 [0225.137] ReadFile (in: hFile=0x2cc, lpBuffer=0x21e71e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21e71e8*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0225.138] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0225.138] WriteFile (in: hFile=0x2cc, lpBuffer=0x21e71e8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21e71e8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0225.139] CloseHandle (hObject=0x2cc) returned 1 [0225.139] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\JxmR6v_b0d1c1TOkKn.jpg", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\JxmR6v_b0d1c1TOkKn.jpg", lpFilePart=0x0) returned 0x6d [0225.139] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\JxmR6v_b0d1c1TOkKn.jpg.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\JxmR6v_b0d1c1TOkKn.jpg.rtcrypted", lpFilePart=0x0) returned 0x77 [0225.139] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0225.139] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\JxmR6v_b0d1c1TOkKn.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\j7kz7axvykxh-wwygi\\jxmr6v_b0d1c1tokkn.jpg"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce18f9d0, ftCreationTime.dwHighDateTime=0x1d9a988, ftLastAccessTime.dwLowDateTime=0x1a929879, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a929879, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3cfa)) returned 1 [0225.140] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0225.140] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\JxmR6v_b0d1c1TOkKn.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\j7kz7axvykxh-wwygi\\jxmr6v_b0d1c1tokkn.jpg"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\JxmR6v_b0d1c1TOkKn.jpg.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\j7kz7axvykxh-wwygi\\jxmr6v_b0d1c1tokkn.jpg.rtcrypted")) returned 1 [0225.143] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0225.143] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0225.143] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0225.143] GetFileType (hFile=0x2cc) returned 0x1 [0225.144] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0225.144] GetFileType (hFile=0x2cc) returned 0x1 [0225.144] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x576b [0225.144] WriteFile (in: hFile=0x2cc, lpBuffer=0x21e9c58*, nNumberOfBytesToWrite=0x6e, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21e9c58*, lpNumberOfBytesWritten=0x15ecc8*=0x6e, lpOverlapped=0x0) returned 1 [0225.145] CloseHandle (hObject=0x2cc) returned 1 [0225.146] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0225.146] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\ScFVHzsefvu1Kt2J0.jpg", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\ScFVHzsefvu1Kt2J0.jpg", lpFilePart=0x0) returned 0x6c [0225.146] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0225.147] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\ScFVHzsefvu1Kt2J0.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\j7kz7axvykxh-wwygi\\scfvhzsefvu1kt2j0.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0225.147] GetFileType (hFile=0x2cc) returned 0x1 [0225.147] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0225.147] GetFileType (hFile=0x2cc) returned 0x1 [0225.148] ReadFile (in: hFile=0x2cc, lpBuffer=0x21eb258, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21eb258*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0225.148] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0225.148] WriteFile (in: hFile=0x2cc, lpBuffer=0x21eb258*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21eb258*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0225.148] CloseHandle (hObject=0x2cc) returned 1 [0225.149] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\ScFVHzsefvu1Kt2J0.jpg", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\ScFVHzsefvu1Kt2J0.jpg", lpFilePart=0x0) returned 0x6c [0225.149] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\ScFVHzsefvu1Kt2J0.jpg.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\ScFVHzsefvu1Kt2J0.jpg.rtcrypted", lpFilePart=0x0) returned 0x76 [0225.149] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0225.149] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\ScFVHzsefvu1Kt2J0.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\j7kz7axvykxh-wwygi\\scfvhzsefvu1kt2j0.jpg"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb22d3c0, ftCreationTime.dwHighDateTime=0x1d9a55b, ftLastAccessTime.dwLowDateTime=0x1a94f74a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a94f74a, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x20bb)) returned 1 [0225.149] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0225.149] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\ScFVHzsefvu1Kt2J0.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\j7kz7axvykxh-wwygi\\scfvhzsefvu1kt2j0.jpg"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\ScFVHzsefvu1Kt2J0.jpg.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\j7kz7axvykxh-wwygi\\scfvhzsefvu1kt2j0.jpg.rtcrypted")) returned 1 [0225.151] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0225.151] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0225.151] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0225.152] GetFileType (hFile=0x2cc) returned 0x1 [0225.152] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0225.152] GetFileType (hFile=0x2cc) returned 0x1 [0225.152] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x57d9 [0225.152] WriteFile (in: hFile=0x2cc, lpBuffer=0x21edcc8*, nNumberOfBytesToWrite=0x6d, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21edcc8*, lpNumberOfBytesWritten=0x15ecc8*=0x6d, lpOverlapped=0x0) returned 1 [0225.153] CloseHandle (hObject=0x2cc) returned 1 [0225.154] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0225.154] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\e95MKF1cwUHr.bmp", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\e95MKF1cwUHr.bmp", lpFilePart=0x0) returned 0x37 [0225.154] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0225.154] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\e95MKF1cwUHr.bmp" (normalized: "c:\\users\\oqxzraykm\\pictures\\rftl6bszg_\\e95mkf1cwuhr.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0225.155] GetFileType (hFile=0x2cc) returned 0x1 [0225.155] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0225.155] GetFileType (hFile=0x2cc) returned 0x1 [0225.155] ReadFile (in: hFile=0x2cc, lpBuffer=0x21ef250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21ef250*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0225.157] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0225.157] WriteFile (in: hFile=0x2cc, lpBuffer=0x21ef250*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21ef250*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0225.157] CloseHandle (hObject=0x2cc) returned 1 [0225.158] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\e95MKF1cwUHr.bmp", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\e95MKF1cwUHr.bmp", lpFilePart=0x0) returned 0x37 [0225.158] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\e95MKF1cwUHr.bmp.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\e95MKF1cwUHr.bmp.rtcrypted", lpFilePart=0x0) returned 0x41 [0225.158] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0225.158] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\e95MKF1cwUHr.bmp" (normalized: "c:\\users\\oqxzraykm\\pictures\\rftl6bszg_\\e95mkf1cwuhr.bmp"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x20f2a6d0, ftCreationTime.dwHighDateTime=0x1d9a653, ftLastAccessTime.dwLowDateTime=0x1a94f74a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1a94f74a, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x12e5c)) returned 1 [0225.158] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0225.158] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\e95MKF1cwUHr.bmp" (normalized: "c:\\users\\oqxzraykm\\pictures\\rftl6bszg_\\e95mkf1cwuhr.bmp"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\e95MKF1cwUHr.bmp.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\rftl6bszg_\\e95mkf1cwuhr.bmp.rtcrypted")) returned 1 [0225.160] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0225.160] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0225.160] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0225.161] GetFileType (hFile=0x2cc) returned 0x1 [0225.161] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0225.161] GetFileType (hFile=0x2cc) returned 0x1 [0225.161] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x5846 [0225.161] WriteFile (in: hFile=0x2cc, lpBuffer=0x21f1b18*, nNumberOfBytesToWrite=0x38, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21f1b18*, lpNumberOfBytesWritten=0x15ecc8*=0x38, lpOverlapped=0x0) returned 1 [0225.162] CloseHandle (hObject=0x2cc) returned 1 [0225.163] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0225.163] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\Kx8A.jpg", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\Kx8A.jpg", lpFilePart=0x0) returned 0x2f [0225.163] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0225.205] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\Kx8A.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\rftl6bszg_\\kx8a.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0225.206] GetFileType (hFile=0x2cc) returned 0x1 [0225.206] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0225.206] GetFileType (hFile=0x2cc) returned 0x1 [0225.207] ReadFile (in: hFile=0x2cc, lpBuffer=0x21f3080, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21f3080*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0225.208] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0225.208] WriteFile (in: hFile=0x2cc, lpBuffer=0x21f3080*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21f3080*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0225.222] CloseHandle (hObject=0x2cc) returned 1 [0225.223] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\Kx8A.jpg", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\Kx8A.jpg", lpFilePart=0x0) returned 0x2f [0225.223] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\Kx8A.jpg.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\Kx8A.jpg.rtcrypted", lpFilePart=0x0) returned 0x39 [0225.223] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0225.223] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\Kx8A.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\rftl6bszg_\\kx8a.jpg"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfb018b0, ftCreationTime.dwHighDateTime=0x1d9b409, ftLastAccessTime.dwLowDateTime=0x1aa0e0f7, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1aa0e0f7, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0xa07a)) returned 1 [0225.223] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0225.223] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\Kx8A.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\rftl6bszg_\\kx8a.jpg"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\Kx8A.jpg.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\rftl6bszg_\\kx8a.jpg.rtcrypted")) returned 1 [0225.225] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0225.225] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0225.225] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0225.226] GetFileType (hFile=0x2cc) returned 0x1 [0225.226] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0225.226] GetFileType (hFile=0x2cc) returned 0x1 [0225.226] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x587e [0225.226] WriteFile (in: hFile=0x2cc, lpBuffer=0x21f5908*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21f5908*, lpNumberOfBytesWritten=0x15ecc8*=0x30, lpOverlapped=0x0) returned 1 [0225.227] CloseHandle (hObject=0x2cc) returned 1 [0225.228] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0225.228] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\wdEc2kGh2EaP.jpg", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\wdEc2kGh2EaP.jpg", lpFilePart=0x0) returned 0x37 [0225.228] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0225.228] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\wdEc2kGh2EaP.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\rftl6bszg_\\wdec2kgh2eap.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0225.229] GetFileType (hFile=0x2cc) returned 0x1 [0225.229] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0225.229] GetFileType (hFile=0x2cc) returned 0x1 [0225.229] ReadFile (in: hFile=0x2cc, lpBuffer=0x21f6e90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21f6e90*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0225.231] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0225.231] WriteFile (in: hFile=0x2cc, lpBuffer=0x21f6e90*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21f6e90*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0225.231] CloseHandle (hObject=0x2cc) returned 1 [0225.232] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\wdEc2kGh2EaP.jpg", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\wdEc2kGh2EaP.jpg", lpFilePart=0x0) returned 0x37 [0225.232] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\wdEc2kGh2EaP.jpg.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\wdEc2kGh2EaP.jpg.rtcrypted", lpFilePart=0x0) returned 0x41 [0225.232] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0225.232] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\wdEc2kGh2EaP.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\rftl6bszg_\\wdec2kgh2eap.jpg"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe285d60, ftCreationTime.dwHighDateTime=0x1d9b38c, ftLastAccessTime.dwLowDateTime=0x1aa0e0f7, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1aa0e0f7, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x1416a)) returned 1 [0225.232] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0225.232] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\wdEc2kGh2EaP.jpg" (normalized: "c:\\users\\oqxzraykm\\pictures\\rftl6bszg_\\wdec2kgh2eap.jpg"), lpNewFileName="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\wdEc2kGh2EaP.jpg.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\pictures\\rftl6bszg_\\wdec2kgh2eap.jpg.rtcrypted")) returned 1 [0225.234] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0225.234] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0225.234] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0225.234] GetFileType (hFile=0x2cc) returned 0x1 [0225.234] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0225.235] GetFileType (hFile=0x2cc) returned 0x1 [0225.235] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x58ae [0225.235] WriteFile (in: hFile=0x2cc, lpBuffer=0x21f9758*, nNumberOfBytesToWrite=0x38, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21f9758*, lpNumberOfBytesWritten=0x15ecc8*=0x38, lpOverlapped=0x0) returned 1 [0225.236] CloseHandle (hObject=0x2cc) returned 1 [0225.237] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0225.237] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\Bs j.mp4", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Videos\\Bs j.mp4", lpFilePart=0x0) returned 0x22 [0225.238] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0225.238] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Videos\\Bs j.mp4" (normalized: "c:\\users\\oqxzraykm\\videos\\bs j.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0225.238] GetFileType (hFile=0x2cc) returned 0x1 [0225.238] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0225.238] GetFileType (hFile=0x2cc) returned 0x1 [0225.239] ReadFile (in: hFile=0x2cc, lpBuffer=0x21faca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21faca8*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0225.239] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0225.239] WriteFile (in: hFile=0x2cc, lpBuffer=0x21faca8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21faca8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0225.239] CloseHandle (hObject=0x2cc) returned 1 [0225.240] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\Bs j.mp4", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Videos\\Bs j.mp4", lpFilePart=0x0) returned 0x22 [0225.240] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\Bs j.mp4.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Videos\\Bs j.mp4.rtcrypted", lpFilePart=0x0) returned 0x2c [0225.240] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0225.240] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\Bs j.mp4" (normalized: "c:\\users\\oqxzraykm\\videos\\bs j.mp4"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x591f0c30, ftCreationTime.dwHighDateTime=0x1d9b213, ftLastAccessTime.dwLowDateTime=0x1aa343b3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1aa343b3, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x4b77)) returned 1 [0225.241] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0225.241] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Videos\\Bs j.mp4" (normalized: "c:\\users\\oqxzraykm\\videos\\bs j.mp4"), lpNewFileName="C:\\Users\\OqXZRaykm\\Videos\\Bs j.mp4.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\videos\\bs j.mp4.rtcrypted")) returned 1 [0225.242] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0225.242] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0225.243] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0225.243] GetFileType (hFile=0x2cc) returned 0x1 [0225.243] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0225.243] GetFileType (hFile=0x2cc) returned 0x1 [0225.243] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x58e6 [0225.243] WriteFile (in: hFile=0x2cc, lpBuffer=0x21fd4c8*, nNumberOfBytesToWrite=0x23, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x21fd4c8*, lpNumberOfBytesWritten=0x15ecc8*=0x23, lpOverlapped=0x0) returned 1 [0225.244] CloseHandle (hObject=0x2cc) returned 1 [0225.244] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0225.245] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\agiF0Mgb_RU5JL-puA.mp4", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\agiF0Mgb_RU5JL-puA.mp4", lpFilePart=0x0) returned 0x36 [0225.245] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0225.245] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\agiF0Mgb_RU5JL-puA.mp4" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\agif0mgb_ru5jl-pua.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0225.245] GetFileType (hFile=0x2cc) returned 0x1 [0225.246] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0225.246] GetFileType (hFile=0x2cc) returned 0x1 [0225.246] ReadFile (in: hFile=0x2cc, lpBuffer=0x21fea58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x21fea58*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0225.246] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0225.247] WriteFile (in: hFile=0x2cc, lpBuffer=0x21fea58*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x21fea58*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0225.247] CloseHandle (hObject=0x2cc) returned 1 [0225.247] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\agiF0Mgb_RU5JL-puA.mp4", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\agiF0Mgb_RU5JL-puA.mp4", lpFilePart=0x0) returned 0x36 [0225.247] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\agiF0Mgb_RU5JL-puA.mp4.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\agiF0Mgb_RU5JL-puA.mp4.rtcrypted", lpFilePart=0x0) returned 0x40 [0225.248] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0225.248] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\agiF0Mgb_RU5JL-puA.mp4" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\agif0mgb_ru5jl-pua.mp4"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb7e2d30, ftCreationTime.dwHighDateTime=0x1d9b21f, ftLastAccessTime.dwLowDateTime=0x1aa343b3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1aa343b3, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x896d)) returned 1 [0225.248] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0225.248] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\agiF0Mgb_RU5JL-puA.mp4" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\agif0mgb_ru5jl-pua.mp4"), lpNewFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\agiF0Mgb_RU5JL-puA.mp4.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\agif0mgb_ru5jl-pua.mp4.rtcrypted")) returned 1 [0225.250] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0225.250] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0225.250] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0225.250] GetFileType (hFile=0x2cc) returned 0x1 [0225.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0225.251] GetFileType (hFile=0x2cc) returned 0x1 [0225.251] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x5909 [0225.304] WriteFile (in: hFile=0x2cc, lpBuffer=0x2201318*, nNumberOfBytesToWrite=0x37, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2201318*, lpNumberOfBytesWritten=0x15ecc8*=0x37, lpOverlapped=0x0) returned 1 [0225.304] CloseHandle (hObject=0x2cc) returned 1 [0225.305] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0225.306] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\bvgx7p.mp4", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\bvgx7p.mp4", lpFilePart=0x0) returned 0x2a [0225.306] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0225.306] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\bvgx7p.mp4" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\bvgx7p.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0225.307] GetFileType (hFile=0x2cc) returned 0x1 [0225.307] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0225.307] GetFileType (hFile=0x2cc) returned 0x1 [0225.307] ReadFile (in: hFile=0x2cc, lpBuffer=0x2202860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2202860*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0225.307] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0225.307] WriteFile (in: hFile=0x2cc, lpBuffer=0x2202860*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2202860*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0225.307] CloseHandle (hObject=0x2cc) returned 1 [0225.308] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\bvgx7p.mp4", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\bvgx7p.mp4", lpFilePart=0x0) returned 0x2a [0225.308] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\bvgx7p.mp4.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\bvgx7p.mp4.rtcrypted", lpFilePart=0x0) returned 0x34 [0225.308] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0225.308] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\bvgx7p.mp4" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\bvgx7p.mp4"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54d4c820, ftCreationTime.dwHighDateTime=0x1d9a77a, ftLastAccessTime.dwLowDateTime=0x1aaccef2, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1aaccef2, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0xa210)) returned 1 [0225.309] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0225.309] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\bvgx7p.mp4" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\bvgx7p.mp4"), lpNewFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\bvgx7p.mp4.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\bvgx7p.mp4.rtcrypted")) returned 1 [0225.310] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0225.310] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0225.311] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0225.311] GetFileType (hFile=0x2cc) returned 0x1 [0225.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0225.311] GetFileType (hFile=0x2cc) returned 0x1 [0225.311] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x5940 [0225.312] WriteFile (in: hFile=0x2cc, lpBuffer=0x22050d8*, nNumberOfBytesToWrite=0x2b, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22050d8*, lpNumberOfBytesWritten=0x15ecc8*=0x2b, lpOverlapped=0x0) returned 1 [0225.312] CloseHandle (hObject=0x2cc) returned 1 [0225.313] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0225.314] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\IGswwfaj7bocMgDD8h.mp4", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\IGswwfaj7bocMgDD8h.mp4", lpFilePart=0x0) returned 0x36 [0225.315] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0225.315] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\IGswwfaj7bocMgDD8h.mp4" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\igswwfaj7bocmgdd8h.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0225.315] GetFileType (hFile=0x2cc) returned 0x1 [0225.315] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0225.316] GetFileType (hFile=0x2cc) returned 0x1 [0225.316] ReadFile (in: hFile=0x2cc, lpBuffer=0x2206650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2206650*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0225.316] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0225.316] WriteFile (in: hFile=0x2cc, lpBuffer=0x2206650*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2206650*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0225.316] CloseHandle (hObject=0x2cc) returned 1 [0225.317] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\IGswwfaj7bocMgDD8h.mp4", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\IGswwfaj7bocMgDD8h.mp4", lpFilePart=0x0) returned 0x36 [0225.317] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\IGswwfaj7bocMgDD8h.mp4.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\IGswwfaj7bocMgDD8h.mp4.rtcrypted", lpFilePart=0x0) returned 0x40 [0225.317] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0225.317] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\IGswwfaj7bocMgDD8h.mp4" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\igswwfaj7bocmgdd8h.mp4"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e1e7590, ftCreationTime.dwHighDateTime=0x1d9a7a8, ftLastAccessTime.dwLowDateTime=0x1aaf3235, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1aaf3235, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x80cb)) returned 1 [0225.317] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0225.317] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\IGswwfaj7bocMgDD8h.mp4" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\igswwfaj7bocmgdd8h.mp4"), lpNewFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\IGswwfaj7bocMgDD8h.mp4.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\igswwfaj7bocmgdd8h.mp4.rtcrypted")) returned 1 [0225.319] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0225.319] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0225.319] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0225.319] GetFileType (hFile=0x2cc) returned 0x1 [0225.319] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0225.320] GetFileType (hFile=0x2cc) returned 0x1 [0225.320] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x596b [0225.320] WriteFile (in: hFile=0x2cc, lpBuffer=0x2208f28*, nNumberOfBytesToWrite=0x37, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2208f28*, lpNumberOfBytesWritten=0x15ecc8*=0x37, lpOverlapped=0x0) returned 1 [0225.320] CloseHandle (hObject=0x2cc) returned 1 [0225.321] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0225.322] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\nB AQx7sl6TsWS3Uq0.mp4", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\nB AQx7sl6TsWS3Uq0.mp4", lpFilePart=0x0) returned 0x36 [0225.322] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0225.322] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\nB AQx7sl6TsWS3Uq0.mp4" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\nb aqx7sl6tsws3uq0.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0225.322] GetFileType (hFile=0x2cc) returned 0x1 [0225.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0225.323] GetFileType (hFile=0x2cc) returned 0x1 [0225.323] ReadFile (in: hFile=0x2cc, lpBuffer=0x220a4a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x220a4a0*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0225.323] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0225.323] WriteFile (in: hFile=0x2cc, lpBuffer=0x220a4a0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x220a4a0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0225.323] CloseHandle (hObject=0x2cc) returned 1 [0225.324] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\nB AQx7sl6TsWS3Uq0.mp4", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\nB AQx7sl6TsWS3Uq0.mp4", lpFilePart=0x0) returned 0x36 [0225.324] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\nB AQx7sl6TsWS3Uq0.mp4.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\nB AQx7sl6TsWS3Uq0.mp4.rtcrypted", lpFilePart=0x0) returned 0x40 [0225.324] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0225.324] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\nB AQx7sl6TsWS3Uq0.mp4" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\nb aqx7sl6tsws3uq0.mp4"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5b2fc0, ftCreationTime.dwHighDateTime=0x1d9a84c, ftLastAccessTime.dwLowDateTime=0x1aaf3235, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1aaf3235, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x6a17)) returned 1 [0225.324] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0225.324] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\nB AQx7sl6TsWS3Uq0.mp4" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\nb aqx7sl6tsws3uq0.mp4"), lpNewFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\nB AQx7sl6TsWS3Uq0.mp4.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\nb aqx7sl6tsws3uq0.mp4.rtcrypted")) returned 1 [0225.326] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0225.326] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0225.326] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0225.326] GetFileType (hFile=0x2cc) returned 0x1 [0225.327] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0225.327] GetFileType (hFile=0x2cc) returned 0x1 [0225.327] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x59a2 [0225.328] WriteFile (in: hFile=0x2cc, lpBuffer=0x220cd78*, nNumberOfBytesToWrite=0x37, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x220cd78*, lpNumberOfBytesWritten=0x15ecc8*=0x37, lpOverlapped=0x0) returned 1 [0225.328] CloseHandle (hObject=0x2cc) returned 1 [0225.329] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0225.340] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\t24Q2Z.mp4", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\t24Q2Z.mp4", lpFilePart=0x0) returned 0x2a [0225.340] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0225.340] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\t24Q2Z.mp4" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\t24q2z.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0225.340] GetFileType (hFile=0x2cc) returned 0x1 [0225.341] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0225.341] GetFileType (hFile=0x2cc) returned 0x1 [0225.341] ReadFile (in: hFile=0x2cc, lpBuffer=0x220e2c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x220e2c0*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0225.341] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0225.341] WriteFile (in: hFile=0x2cc, lpBuffer=0x220e2c0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x220e2c0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0225.341] CloseHandle (hObject=0x2cc) returned 1 [0225.342] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\t24Q2Z.mp4", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\t24Q2Z.mp4", lpFilePart=0x0) returned 0x2a [0225.342] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\t24Q2Z.mp4.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\t24Q2Z.mp4.rtcrypted", lpFilePart=0x0) returned 0x34 [0225.342] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0225.342] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\t24Q2Z.mp4" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\t24q2z.mp4"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c693940, ftCreationTime.dwHighDateTime=0x1d9aae2, ftLastAccessTime.dwLowDateTime=0x1ab30d50, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1ab30d50, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x15ea4)) returned 1 [0225.343] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0225.343] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\t24Q2Z.mp4" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\t24q2z.mp4"), lpNewFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\t24Q2Z.mp4.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\t24q2z.mp4.rtcrypted")) returned 1 [0225.345] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0225.345] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0225.346] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0225.346] GetFileType (hFile=0x2cc) returned 0x1 [0225.346] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0225.346] GetFileType (hFile=0x2cc) returned 0x1 [0225.346] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x59d9 [0225.347] WriteFile (in: hFile=0x2cc, lpBuffer=0x2210b38*, nNumberOfBytesToWrite=0x2b, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2210b38*, lpNumberOfBytesWritten=0x15ecc8*=0x2b, lpOverlapped=0x0) returned 1 [0225.347] CloseHandle (hObject=0x2cc) returned 1 [0225.348] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0225.349] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\TbVuZEgqlJviltx.mp4", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\TbVuZEgqlJviltx.mp4", lpFilePart=0x0) returned 0x33 [0225.349] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0225.349] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\TbVuZEgqlJviltx.mp4" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\tbvuzegqljviltx.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0225.349] GetFileType (hFile=0x2cc) returned 0x1 [0225.349] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0225.349] GetFileType (hFile=0x2cc) returned 0x1 [0225.349] ReadFile (in: hFile=0x2cc, lpBuffer=0x22120a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x22120a0*, lpNumberOfBytesRead=0x15edd8*=0xa11, lpOverlapped=0x0) returned 1 [0225.350] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0225.350] WriteFile (in: hFile=0x2cc, lpBuffer=0x22120a0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x22120a0*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0225.350] CloseHandle (hObject=0x2cc) returned 1 [0225.350] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\TbVuZEgqlJviltx.mp4", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\TbVuZEgqlJviltx.mp4", lpFilePart=0x0) returned 0x33 [0225.350] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\TbVuZEgqlJviltx.mp4.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\TbVuZEgqlJviltx.mp4.rtcrypted", lpFilePart=0x0) returned 0x3d [0225.351] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0225.351] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\TbVuZEgqlJviltx.mp4" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\tbvuzegqljviltx.mp4"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x64f220d0, ftCreationTime.dwHighDateTime=0x1d9b239, ftLastAccessTime.dwLowDateTime=0x1ab3f2f7, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1ab3f2f7, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0xa11)) returned 1 [0225.351] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0225.351] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\TbVuZEgqlJviltx.mp4" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\tbvuzegqljviltx.mp4"), lpNewFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\TbVuZEgqlJviltx.mp4.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\tbvuzegqljviltx.mp4.rtcrypted")) returned 1 [0225.352] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0225.352] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0225.353] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0225.353] GetFileType (hFile=0x2cc) returned 0x1 [0225.353] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0225.353] GetFileType (hFile=0x2cc) returned 0x1 [0225.353] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x5a04 [0225.354] WriteFile (in: hFile=0x2cc, lpBuffer=0x2214948*, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2214948*, lpNumberOfBytesWritten=0x15ecc8*=0x34, lpOverlapped=0x0) returned 1 [0225.354] CloseHandle (hObject=0x2cc) returned 1 [0225.355] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0225.355] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\Wj9zjrVu.mp4", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\Wj9zjrVu.mp4", lpFilePart=0x0) returned 0x2c [0225.355] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0225.356] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\Wj9zjrVu.mp4" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\wj9zjrvu.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0225.356] GetFileType (hFile=0x2cc) returned 0x1 [0225.356] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0225.356] GetFileType (hFile=0x2cc) returned 0x1 [0225.356] ReadFile (in: hFile=0x2cc, lpBuffer=0x2215eb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2215eb8*, lpNumberOfBytesRead=0x15edd8*=0x1000, lpOverlapped=0x0) returned 1 [0225.356] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0225.357] WriteFile (in: hFile=0x2cc, lpBuffer=0x2215eb8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2215eb8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0225.357] CloseHandle (hObject=0x2cc) returned 1 [0225.357] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\Wj9zjrVu.mp4", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\Wj9zjrVu.mp4", lpFilePart=0x0) returned 0x2c [0225.357] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\Wj9zjrVu.mp4.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\Wj9zjrVu.mp4.rtcrypted", lpFilePart=0x0) returned 0x36 [0225.357] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0225.357] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\Wj9zjrVu.mp4" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\wj9zjrvu.mp4"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e010270, ftCreationTime.dwHighDateTime=0x1d9a7a9, ftLastAccessTime.dwLowDateTime=0x1ab3f2f7, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1ab3f2f7, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x1794e)) returned 1 [0225.357] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0225.358] MoveFileW (lpExistingFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\Wj9zjrVu.mp4" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\wj9zjrvu.mp4"), lpNewFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\Wj9zjrVu.mp4.rtcrypted" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\wj9zjrvu.mp4.rtcrypted")) returned 1 [0225.359] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0225.359] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0225.359] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0225.359] GetFileType (hFile=0x2cc) returned 0x1 [0225.360] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0225.360] GetFileType (hFile=0x2cc) returned 0x1 [0225.360] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x5a38 [0225.360] WriteFile (in: hFile=0x2cc, lpBuffer=0x2218728*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2218728*, lpNumberOfBytesWritten=0x15ecc8*=0x2d, lpOverlapped=0x0) returned 1 [0225.414] CloseHandle (hObject=0x2cc) returned 1 [0225.503] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0225.503] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop\\Acrobat Reader.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop\\Acrobat Reader.lnk", lpFilePart=0x0) returned 0x2a [0225.503] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0225.504] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\Acrobat Reader.lnk" (normalized: "c:\\users\\public\\desktop\\acrobat reader.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0225.504] GetFileType (hFile=0x2cc) returned 0x1 [0225.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0225.505] GetFileType (hFile=0x2cc) returned 0x1 [0225.505] ReadFile (in: hFile=0x2cc, lpBuffer=0x2249e28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2249e28*, lpNumberOfBytesRead=0x15edd8*=0x852, lpOverlapped=0x0) returned 1 [0225.506] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0225.506] WriteFile (in: hFile=0x2cc, lpBuffer=0x2249e28*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2249e28*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0225.507] CloseHandle (hObject=0x2cc) returned 1 [0225.509] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop\\Acrobat Reader.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop\\Acrobat Reader.lnk", lpFilePart=0x0) returned 0x2a [0225.509] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop\\Acrobat Reader.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop\\Acrobat Reader.lnk.rtcrypted", lpFilePart=0x0) returned 0x34 [0225.509] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0225.509] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Desktop\\Acrobat Reader.lnk" (normalized: "c:\\users\\public\\desktop\\acrobat reader.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a0a9afe, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x1acbcaf2, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1acbcaf2, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x852)) returned 1 [0225.510] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0225.510] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Desktop\\Acrobat Reader.lnk" (normalized: "c:\\users\\public\\desktop\\acrobat reader.lnk"), lpNewFileName="C:\\Users\\Public\\Desktop\\Acrobat Reader.lnk.rtcrypted" (normalized: "c:\\users\\public\\desktop\\acrobat reader.lnk.rtcrypted")) returned 1 [0225.512] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0225.512] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0225.513] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0225.513] GetFileType (hFile=0x2cc) returned 0x1 [0225.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0225.513] GetFileType (hFile=0x2cc) returned 0x1 [0225.513] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x5a65 [0225.514] WriteFile (in: hFile=0x2cc, lpBuffer=0x224c688*, nNumberOfBytesToWrite=0x2b, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x224c688*, lpNumberOfBytesWritten=0x15ecc8*=0x2b, lpOverlapped=0x0) returned 1 [0225.514] CloseHandle (hObject=0x2cc) returned 1 [0225.515] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0225.516] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop\\Firefox.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop\\Firefox.lnk", lpFilePart=0x0) returned 0x23 [0225.516] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0225.520] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\Firefox.lnk" (normalized: "c:\\users\\public\\desktop\\firefox.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0225.521] GetFileType (hFile=0x2cc) returned 0x1 [0225.521] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0225.521] GetFileType (hFile=0x2cc) returned 0x1 [0225.521] ReadFile (in: hFile=0x2cc, lpBuffer=0x224dbd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x224dbd8*, lpNumberOfBytesRead=0x15edd8*=0x3e7, lpOverlapped=0x0) returned 1 [0225.523] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0225.523] WriteFile (in: hFile=0x2cc, lpBuffer=0x224dbd8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x224dbd8*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0225.524] CloseHandle (hObject=0x2cc) returned 1 [0225.524] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop\\Firefox.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop\\Firefox.lnk", lpFilePart=0x0) returned 0x23 [0225.524] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop\\Firefox.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop\\Firefox.lnk.rtcrypted", lpFilePart=0x0) returned 0x2d [0225.524] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0225.525] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Desktop\\Firefox.lnk" (normalized: "c:\\users\\public\\desktop\\firefox.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93ec5f1e, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x1ace2fc1, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1ace2fc1, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3e7)) returned 1 [0225.525] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0225.525] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Desktop\\Firefox.lnk" (normalized: "c:\\users\\public\\desktop\\firefox.lnk"), lpNewFileName="C:\\Users\\Public\\Desktop\\Firefox.lnk.rtcrypted" (normalized: "c:\\users\\public\\desktop\\firefox.lnk.rtcrypted")) returned 1 [0225.527] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0225.527] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0225.527] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0225.527] GetFileType (hFile=0x2cc) returned 0x1 [0225.528] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0225.528] GetFileType (hFile=0x2cc) returned 0x1 [0225.528] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x5a90 [0225.528] WriteFile (in: hFile=0x2cc, lpBuffer=0x2250400*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2250400*, lpNumberOfBytesWritten=0x15ecc8*=0x24, lpOverlapped=0x0) returned 1 [0225.529] CloseHandle (hObject=0x2cc) returned 1 [0225.530] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0225.530] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop\\Microsoft Edge.lnk", nBufferLength=0x105, lpBuffer=0x15e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop\\Microsoft Edge.lnk", lpFilePart=0x0) returned 0x2a [0225.530] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ecd8) returned 1 [0225.531] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\Microsoft Edge.lnk" (normalized: "c:\\users\\public\\desktop\\microsoft edge.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2cc [0225.531] GetFileType (hFile=0x2cc) returned 0x1 [0225.531] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15ec48) returned 1 [0225.531] GetFileType (hFile=0x2cc) returned 0x1 [0225.532] ReadFile (in: hFile=0x2cc, lpBuffer=0x2251970, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15edd8, lpOverlapped=0x0 | out: lpBuffer=0x2251970*, lpNumberOfBytesRead=0x15edd8*=0x8d9, lpOverlapped=0x0) returned 1 [0225.535] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ee08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x15ee08*=0) returned 0x0 [0225.535] WriteFile (in: hFile=0x2cc, lpBuffer=0x2251970*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x15edb8, lpOverlapped=0x0 | out: lpBuffer=0x2251970*, lpNumberOfBytesWritten=0x15edb8*=0x80, lpOverlapped=0x0) returned 1 [0225.535] CloseHandle (hObject=0x2cc) returned 1 [0225.536] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop\\Microsoft Edge.lnk", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop\\Microsoft Edge.lnk", lpFilePart=0x0) returned 0x2a [0225.536] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop\\Microsoft Edge.lnk.rtcrypted", nBufferLength=0x105, lpBuffer=0x15e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop\\Microsoft Edge.lnk.rtcrypted", lpFilePart=0x0) returned 0x34 [0225.536] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ebc8) returned 1 [0225.536] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Desktop\\Microsoft Edge.lnk" (normalized: "c:\\users\\public\\desktop\\microsoft edge.lnk"), fInfoLevelId=0x0, lpFileInformation=0x15eef0 | out: lpFileInformation=0x15eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79800a3a, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x1ad09375, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1ad09375, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x8d9)) returned 1 [0225.536] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eb78) returned 1 [0225.536] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Desktop\\Microsoft Edge.lnk" (normalized: "c:\\users\\public\\desktop\\microsoft edge.lnk"), lpNewFileName="C:\\Users\\Public\\Desktop\\Microsoft Edge.lnk.rtcrypted" (normalized: "c:\\users\\public\\desktop\\microsoft edge.lnk.rtcrypted")) returned 1 [0225.538] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", nBufferLength=0x105, lpBuffer=0x15e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt", lpFilePart=0x0) returned 0x30 [0225.538] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15ec38) returned 1 [0225.539] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\RansomeToad.txt" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\ransometoad.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2cc [0225.540] GetFileType (hFile=0x2cc) returned 0x1 [0225.540] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15eba8) returned 1 [0225.540] GetFileType (hFile=0x2cc) returned 0x1 [0225.540] SetFilePointer (in: hFile=0x2cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x15ebf8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x15ebf8*=0) returned 0x5ab4 [0225.540] WriteFile (in: hFile=0x2cc, lpBuffer=0x22541d0*, nNumberOfBytesToWrite=0x2b, lpNumberOfBytesWritten=0x15ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22541d0*, lpNumberOfBytesWritten=0x15ecc8*=0x2b, lpOverlapped=0x0) returned 1 [0225.541] CloseHandle (hObject=0x2cc) returned 1 [0230.966] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x15eea8 | out: phkResult=0x15eea8*=0x2cc) returned 0x0 [0231.173] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", lpFilePart=0x0) returned 0x5f [0231.193] RegQueryValueExW (in: hKey=0x2cc, lpValueName="Ransomtoad", lpReserved=0x0, lpType=0x15eeb8, lpData=0x0, lpcbData=0x15eeb0*=0x0 | out: lpType=0x15eeb8*=0x0, lpData=0x0, lpcbData=0x15eeb0*=0x0) returned 0x2 [0231.194] RegSetValueExW (in: hKey=0x2cc, lpValueName="Ransomtoad", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe\"", cbData=0xc4 | out: lpData="\"C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe\"") returned 0x0 [0231.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x15e830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77 [0231.684] IsAppThemed () returned 0x0 [0231.691] CoTaskMemAlloc (cb=0xf0) returned 0x6082c0 [0231.692] CreateActCtxA (pActCtx=0x15ee00) returned 0x61ce08 [0232.335] CoTaskMemFree (pv=0x6082c0) [0232.485] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc11d [0232.485] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1d8 [0233.659] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe.config", nBufferLength=0x105, lpBuffer=0x15e480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe.config", lpFilePart=0x0) returned 0x66 [0233.885] GetCurrentProcess () returned 0xffffffffffffffff [0233.885] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x15e758 | out: TokenHandle=0x15e758*=0x2d8) returned 1 [0233.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x15e170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\", lpFilePart=0x0) returned 0x30 [0233.899] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x15e800 | out: lpFileInformation=0x15e800*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca73a567, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x11d6f8bb, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x7ba8924a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0233.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x15e190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x45 [0233.903] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x15e7f8 | out: lpFileInformation=0x15e7f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca73a567, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x11d6f8bb, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x7ba8924a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0233.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x15e180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x45 [0233.903] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15e698) returned 1 [0233.904] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d4 [0233.904] GetFileType (hFile=0x2d4) returned 0x1 [0233.904] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15e608) returned 1 [0233.904] GetFileType (hFile=0x2d4) returned 0x1 [0235.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x15cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x45 [0235.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x15d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x45 [0235.070] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15d2e8) returned 1 [0235.070] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x15d610 | out: lpFileInformation=0x15d610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca73a567, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x11d6f8bb, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x7ba8924a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0235.071] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15d298) returned 1 [0235.282] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x15d5c0 | out: pfEnabled=0x15d5c0) returned 0x0 [0235.420] GetFileSize (in: hFile=0x2d4, lpFileSizeHigh=0x15e738 | out: lpFileSizeHigh=0x15e738*=0x0) returned 0x8c8e [0235.420] ReadFile (in: hFile=0x2d4, lpBuffer=0x22e9800, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15e6a8, lpOverlapped=0x0 | out: lpBuffer=0x22e9800*, lpNumberOfBytesRead=0x15e6a8*=0x1000, lpOverlapped=0x0) returned 1 [0235.518] ReadFile (in: hFile=0x2d4, lpBuffer=0x22e9800, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15e478, lpOverlapped=0x0 | out: lpBuffer=0x22e9800*, lpNumberOfBytesRead=0x15e478*=0x1000, lpOverlapped=0x0) returned 1 [0235.525] ReadFile (in: hFile=0x2d4, lpBuffer=0x22e9800, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15e248, lpOverlapped=0x0 | out: lpBuffer=0x22e9800*, lpNumberOfBytesRead=0x15e248*=0x1000, lpOverlapped=0x0) returned 1 [0235.527] ReadFile (in: hFile=0x2d4, lpBuffer=0x22e9800, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15e248, lpOverlapped=0x0 | out: lpBuffer=0x22e9800*, lpNumberOfBytesRead=0x15e248*=0x1000, lpOverlapped=0x0) returned 1 [0235.528] ReadFile (in: hFile=0x2d4, lpBuffer=0x22e9800, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15e248, lpOverlapped=0x0 | out: lpBuffer=0x22e9800*, lpNumberOfBytesRead=0x15e248*=0x1000, lpOverlapped=0x0) returned 1 [0235.529] ReadFile (in: hFile=0x2d4, lpBuffer=0x22e9800, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15e0e8, lpOverlapped=0x0 | out: lpBuffer=0x22e9800*, lpNumberOfBytesRead=0x15e0e8*=0x1000, lpOverlapped=0x0) returned 1 [0235.565] ReadFile (in: hFile=0x2d4, lpBuffer=0x22e9800, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15e328, lpOverlapped=0x0 | out: lpBuffer=0x22e9800*, lpNumberOfBytesRead=0x15e328*=0x1000, lpOverlapped=0x0) returned 1 [0235.570] ReadFile (in: hFile=0x2d4, lpBuffer=0x22e9800, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15e258, lpOverlapped=0x0 | out: lpBuffer=0x22e9800*, lpNumberOfBytesRead=0x15e258*=0x1000, lpOverlapped=0x0) returned 1 [0235.570] ReadFile (in: hFile=0x2d4, lpBuffer=0x22e9800, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15e258, lpOverlapped=0x0 | out: lpBuffer=0x22e9800*, lpNumberOfBytesRead=0x15e258*=0xc8e, lpOverlapped=0x0) returned 1 [0235.571] ReadFile (in: hFile=0x2d4, lpBuffer=0x22e9800, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x15e368, lpOverlapped=0x0 | out: lpBuffer=0x22e9800*, lpNumberOfBytesRead=0x15e368*=0x0, lpOverlapped=0x0) returned 1 [0235.572] CloseHandle (hObject=0x2d4) returned 1 [0235.572] CloseHandle (hObject=0x2d8) returned 1 [0235.575] GetCurrentProcess () returned 0xffffffffffffffff [0235.575] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x15e918 | out: TokenHandle=0x15e918*=0x2d8) returned 1 [0235.577] CloseHandle (hObject=0x2d8) returned 1 [0235.578] GetCurrentProcess () returned 0xffffffffffffffff [0235.578] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x15e918 | out: TokenHandle=0x15e918*=0x2d8) returned 1 [0235.580] CloseHandle (hObject=0x2d8) returned 1 [0235.702] GetCurrentProcess () returned 0xffffffffffffffff [0235.703] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x15e758 | out: TokenHandle=0x15e758*=0x2cc) returned 1 [0235.704] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe.config" (normalized: "c:\\users\\oqxzraykm\\desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x15e800 | out: lpFileInformation=0x15e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0235.705] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe.config", nBufferLength=0x105, lpBuffer=0x15e190, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe.config", lpFilePart=0x0) returned 0x66 [0235.706] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe.config" (normalized: "c:\\users\\oqxzraykm\\desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x15e7f8 | out: lpFileInformation=0x15e7f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0235.708] CloseHandle (hObject=0x2cc) returned 1 [0235.708] GetCurrentProcess () returned 0xffffffffffffffff [0235.709] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x15e918 | out: TokenHandle=0x15e918*=0x2cc) returned 1 [0235.710] CloseHandle (hObject=0x2cc) returned 1 [0235.713] GetCurrentProcess () returned 0xffffffffffffffff [0235.713] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x15e918 | out: TokenHandle=0x15e918*=0x2cc) returned 1 [0235.714] CloseHandle (hObject=0x2cc) returned 1 [0235.804] GetCurrentProcess () returned 0xffffffffffffffff [0235.804] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x15e608 | out: TokenHandle=0x15e608*=0x2cc) returned 1 [0235.832] CloseHandle (hObject=0x2cc) returned 1 [0235.834] GetCurrentProcess () returned 0xffffffffffffffff [0235.835] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x15e648 | out: TokenHandle=0x15e648*=0x2cc) returned 1 [0235.850] CloseHandle (hObject=0x2cc) returned 1 [0235.884] GetSystemMetrics (nIndex=75) returned 1 [0235.921] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0236.087] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x7ffaa3a50000 [0236.094] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AddDllDirectory", cchWideChar=15, lpMultiByteStr=0x15eaf0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AddDllDirectory", lpUsedDefaultChar=0x0) returned 15 [0236.094] GetProcAddress (hModule=0x7ffaa3a50000, lpProcName="AddDllDirectory") returned 0x7ffaa307c9b0 [0236.095] LoadLibraryExW (lpLibFileName="comctl32.dll", hFile=0x0, dwFlags=0x800) returned 0x7ffa95c40000 [0236.189] AdjustWindowRectEx (in: lpRect=0x15ee60, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x15ee60) returned 1 [0236.220] GetCurrentProcess () returned 0xffffffffffffffff [0236.220] GetCurrentThread () returned 0xfffffffffffffffe [0236.220] GetCurrentProcess () returned 0xffffffffffffffff [0236.221] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x15ec60, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x15ec60*=0x384) returned 1 [0236.233] GetCurrentThreadId () returned 0x134c [0236.296] GetCurrentActCtx (in: lphActCtx=0x15eb60 | out: lphActCtx=0x15eb60*=0x0) returned 1 [0236.296] ActivateActCtx (in: hActCtx=0x61ce08, lpCookie=0x15eba0 | out: hActCtx=0x61ce08, lpCookie=0x15eba0) returned 1 [0236.306] GetModuleHandleW (lpModuleName="user32.dll") returned 0x7ffaa36e0000 [0236.306] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x15e880, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW", lpUsedDefaultChar=0x0) returned 14 [0236.306] GetProcAddress (hModule=0x7ffaa36e0000, lpProcName="DefWindowProcW") returned 0x7ffaa540aa60 [0236.307] GetStockObject (i=5) returned 0x900015 [0236.326] GetModuleHandleW (lpModuleName=0x0) returned 0x10000 [0236.330] CoTaskMemAlloc (cb=0x5a) returned 0x6020d0 [0236.331] RegisterClassW (lpWndClass=0x15e840) returned 0xc1d6 [0236.334] CoTaskMemFree (pv=0x6020d0) [0236.334] GetModuleHandleW (lpModuleName=0x0) returned 0x10000 [0236.335] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r6_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0x10000, lpParam=0x0) returned 0x40366 [0236.358] SetWindowLongPtrW (hWnd=0x40366, nIndex=-4, dwNewLong=0x7ffaa540aa60) returned 0x1ad608dc [0236.366] GetWindowLongPtrW (hWnd=0x40366, nIndex=-4) returned 0x7ffaa540aa60 [0236.374] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x15db88 | out: phkResult=0x15db88*=0x3a4) returned 0x0 [0236.377] RegQueryValueExW (in: hKey=0x3a4, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x15dbd8, lpData=0x0, lpcbData=0x15dbd0*=0x0 | out: lpType=0x15dbd8*=0x0, lpData=0x0, lpcbData=0x15dbd0*=0x0) returned 0x2 [0236.377] RegQueryValueExW (in: hKey=0x3a4, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x15dbd8, lpData=0x0, lpcbData=0x15dbd0*=0x0 | out: lpType=0x15dbd8*=0x0, lpData=0x0, lpcbData=0x15dbd0*=0x0) returned 0x2 [0236.381] RegCloseKey (hKey=0x3a4) returned 0x0 [0236.384] SetWindowLongPtrW (hWnd=0x40366, nIndex=-4, dwNewLong=0x1ad6092c) returned 0x7ffaa540aa60 [0236.384] GetWindowLongPtrW (hWnd=0x40366, nIndex=-4) returned 0x1ad6092c [0236.384] GetWindowLongPtrW (hWnd=0x40366, nIndex=-16) returned 0x6c10000 [0236.392] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc1d7 [0236.394] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40366, Msg=0x24, wParam=0x0, lParam=0x15e280) returned 0x0 [0236.476] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc1db [0236.476] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40366, Msg=0x81, wParam=0x0, lParam=0x15e1f0) returned 0x1 [0236.478] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40366, Msg=0x83, wParam=0x0, lParam=0x15e2a0) returned 0x0 [0236.480] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40366, Msg=0x1, wParam=0x0, lParam=0x15e1f0) returned 0x0 [0236.480] GetClientRect (in: hWnd=0x40366, lpRect=0x15dc10 | out: lpRect=0x15dc10) returned 1 [0236.481] GetWindowRect (in: hWnd=0x40366, lpRect=0x15dc10 | out: lpRect=0x15dc10) returned 1 [0236.490] GetParent (hWnd=0x40366) returned 0x0 [0236.490] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10e8c4af00000001) returned 1 [0237.086] GetSystemDefaultLCID () returned 0x409 [0237.087] GetStockObject (i=17) returned 0x48a00d5 [0237.099] GetObjectW (in: h=0x48a00d5, c=92, pv=0x15e320 | out: pv=0x15e320) returned 92 [0237.102] GetDC (hWnd=0x0) returned 0x580108aa [0237.147] GdiplusStartup (in: token=0x7ffa20fa77e0, input=0x15cbd8, output=0x15cc88 | out: token=0x7ffa20fa77e0, output=0x15cc88) returned 0x0 [0237.168] CoTaskMemAlloc (cb=0x5c) returned 0x6020d0 [0237.170] GdipCreateFontFromLogfontW (hdc=0x580108aa, logfont=0x6020d0, font=0x15e460) returned 0x0 [0242.481] CoTaskMemFree (pv=0x6020d0) [0242.484] CoTaskMemAlloc (cb=0x5c) returned 0x634930 [0242.484] CoTaskMemFree (pv=0x634930) [0242.485] CoTaskMemAlloc (cb=0x5c) returned 0x634540 [0242.486] CoTaskMemFree (pv=0x634540) [0242.490] GdipGetFontUnit (font=0x1ac61f10, unit=0x15e3d0) returned 0x0 [0242.491] GdipGetFontSize (font=0x1ac61f10, size=0x15e3dc) returned 0x0 [0242.491] GdipGetFontStyle (font=0x1ac61f10, style=0x15e3c8) returned 0x0 [0242.492] GdipGetFamily (font=0x1ac61f10, family=0x15e3c0) returned 0x0 [0242.501] GdipGetFontSize (font=0x1ac61f10, size=0x2165ee0) returned 0x0 [0242.502] ReleaseDC (hWnd=0x0, hDC=0x580108aa) returned 1 [0242.508] GetDC (hWnd=0x0) returned 0x580108aa [0242.510] GdipCreateFromHDC (hdc=0x580108aa, graphics=0x15e3c8) returned 0x0 [0242.531] GdipGetDpiY (graphics=0x1c577b70, dpi=0x2166070) returned 0x0 [0242.535] GdipGetFontHeight (font=0x1ac61f10, graphics=0x1c577b70, height=0x15e3c4) returned 0x0 [0242.538] GdipGetEmHeight (family=0x1ac6a560, style=0, EmHeight=0x15e3c8) returned 0x0 [0242.594] GdipGetLineSpacing (family=0x1ac6a560, style=0, LineSpacing=0x15e3c8) returned 0x0 [0242.603] GdipDeleteGraphics (graphics=0x1c577b70) returned 0x0 [0242.604] ReleaseDC (hWnd=0x0, hDC=0x580108aa) returned 1 [0242.623] GdipCreateFont (fontFamily=0x1ac6a560, emSize=0x7ffa837b7187, style=0, unit=0x3, font=0x21660a8) returned 0x0 [0242.623] GdipGetFontSize (font=0x1ac6ea10, size=0x21660b0) returned 0x0 [0242.623] GdipDeleteFont (font=0x1ac61f10) returned 0x0 [0242.631] GetDC (hWnd=0x0) returned 0x580108aa [0242.631] GdipCreateFromHDC (hdc=0x580108aa, graphics=0x15e538) returned 0x0 [0242.632] GdipGetFontHeight (font=0x1ac6ea10, graphics=0x1c577b70, height=0x15e534) returned 0x0 [0242.634] GdipDeleteGraphics (graphics=0x1c577b70) returned 0x0 [0242.634] ReleaseDC (hWnd=0x0, hDC=0x580108aa) returned 1 [0242.635] GetSystemMetrics (nIndex=5) returned 1 [0242.635] GetSystemMetrics (nIndex=6) returned 1 [0242.639] AdjustWindowRectEx (in: lpRect=0x15e800, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x15e800) returned 1 [0242.647] AdjustWindowRectEx (in: lpRect=0x15e7e0, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e7e0) returned 1 [0242.666] AdjustWindowRectEx (in: lpRect=0x15e800, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e800) returned 1 [0242.668] AdjustWindowRectEx (in: lpRect=0x15e800, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e800) returned 1 [0242.678] AdjustWindowRectEx (in: lpRect=0x15e810, dwStyle=0x562100c1, bMenu=0, dwExStyle=0x200 | out: lpRect=0x15e810) returned 1 [0242.687] AdjustWindowRectEx (in: lpRect=0x15e800, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e800) returned 1 [0242.688] GetDC (hWnd=0x0) returned 0x580108aa [0242.688] GdipCreateFromHDC (hdc=0x580108aa, graphics=0x15e538) returned 0x0 [0242.690] GdipGetFontHeight (font=0x1ac6ea10, graphics=0x1c577b70, height=0x15e534) returned 0x0 [0242.690] GdipDeleteGraphics (graphics=0x1c577b70) returned 0x0 [0242.690] ReleaseDC (hWnd=0x0, hDC=0x580108aa) returned 1 [0242.690] GetSystemMetrics (nIndex=5) returned 1 [0242.690] GetSystemMetrics (nIndex=6) returned 1 [0242.690] AdjustWindowRectEx (in: lpRect=0x15e800, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x15e800) returned 1 [0242.700] AdjustWindowRectEx (in: lpRect=0x15e810, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e810) returned 1 [0242.718] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x15e7b0) returned 0x0 [0242.721] GdipCreateFont (fontFamily=0x1ac6a560, emSize=0x7ffa837b7187, style=0, unit=0x3, font=0x21679e0) returned 0x0 [0242.721] GdipGetFontSize (font=0x1ac61f10, size=0x21679e8) returned 0x0 [0242.734] GetDC (hWnd=0x0) returned 0x580108aa [0242.734] GdipCreateFromHDC (hdc=0x580108aa, graphics=0x15e6f8) returned 0x0 [0242.735] GdipGetFontHeight (font=0x1ac61f10, graphics=0x1c577b70, height=0x15e6f4) returned 0x0 [0242.735] GdipDeleteGraphics (graphics=0x1c577b70) returned 0x0 [0242.736] ReleaseDC (hWnd=0x0, hDC=0x580108aa) returned 1 [0242.758] GetDC (hWnd=0x0) returned 0x580108aa [0242.758] GdipCreateFromHDC (hdc=0x580108aa, graphics=0x15e5b8) returned 0x0 [0242.759] GdipGetFontHeight (font=0x1ac61f10, graphics=0x1c577b70, height=0x15e5b4) returned 0x0 [0242.759] GdipDeleteGraphics (graphics=0x1c577b70) returned 0x0 [0242.759] ReleaseDC (hWnd=0x0, hDC=0x580108aa) returned 1 [0242.760] GetSystemMetrics (nIndex=5) returned 1 [0242.760] GetSystemMetrics (nIndex=6) returned 1 [0242.760] GetSystemMetrics (nIndex=5) returned 1 [0242.760] GetSystemMetrics (nIndex=6) returned 1 [0242.762] AdjustWindowRectEx (in: lpRect=0x15e620, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x15e620) returned 1 [0242.765] GetSystemMetrics (nIndex=5) returned 1 [0242.765] GetSystemMetrics (nIndex=6) returned 1 [0242.765] AdjustWindowRectEx (in: lpRect=0x15e710, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x15e710) returned 1 [0242.774] GetSystemMetrics (nIndex=5) returned 1 [0242.774] GetSystemMetrics (nIndex=6) returned 1 [0242.774] AdjustWindowRectEx (in: lpRect=0x15e710, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x15e710) returned 1 [0242.786] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x15e7b0) returned 0x0 [0242.787] GdipCreateFont (fontFamily=0x1ac6a560, emSize=0x7ffa837b7187, style=0, unit=0x3, font=0x2167f78) returned 0x0 [0242.787] GdipGetFontSize (font=0x1ac6ea50, size=0x2167f80) returned 0x0 [0242.790] AdjustWindowRectEx (in: lpRect=0x15e710, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e710) returned 1 [0242.811] GetProcessWindowStation () returned 0xe8 [0242.814] GetUserObjectInformationA (in: hObj=0xe8, nIndex=1, pvInfo=0x21688c8, nLength=0xc, lpnLengthNeeded=0x15e3a0 | out: pvInfo=0x21688c8, lpnLengthNeeded=0x15e3a0) returned 1 [0242.820] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3e4 [0242.907] GetSysColor (nIndex=10) returned 0xb4b4b4 [0242.907] GetSysColor (nIndex=2) returned 0xd1b499 [0242.907] GetSysColor (nIndex=9) returned 0x0 [0242.907] GetSysColor (nIndex=12) returned 0xababab [0242.908] GetSysColor (nIndex=15) returned 0xf0f0f0 [0242.908] GetSysColor (nIndex=20) returned 0xffffff [0242.908] GetSysColor (nIndex=16) returned 0xa0a0a0 [0242.908] GetSysColor (nIndex=15) returned 0xf0f0f0 [0242.908] GetSysColor (nIndex=16) returned 0xa0a0a0 [0242.908] GetSysColor (nIndex=21) returned 0x696969 [0242.908] GetSysColor (nIndex=22) returned 0xe3e3e3 [0242.908] GetSysColor (nIndex=20) returned 0xffffff [0242.908] GetSysColor (nIndex=18) returned 0x0 [0242.909] GetSysColor (nIndex=1) returned 0x0 [0242.909] GetSysColor (nIndex=27) returned 0xead1b9 [0242.909] GetSysColor (nIndex=28) returned 0xf2e4d7 [0242.909] GetSysColor (nIndex=17) returned 0x6d6d6d [0242.909] GetSysColor (nIndex=13) returned 0xd77800 [0242.909] GetSysColor (nIndex=14) returned 0xffffff [0242.909] GetSysColor (nIndex=26) returned 0xcc6600 [0242.909] GetSysColor (nIndex=11) returned 0xfcf7f4 [0242.909] GetSysColor (nIndex=3) returned 0xdbcdbf [0242.909] GetSysColor (nIndex=19) returned 0x0 [0242.910] GetSysColor (nIndex=24) returned 0xe1ffff [0242.910] GetSysColor (nIndex=23) returned 0x0 [0242.910] GetSysColor (nIndex=4) returned 0xf0f0f0 [0242.910] GetSysColor (nIndex=30) returned 0xf0f0f0 [0242.910] GetSysColor (nIndex=29) returned 0xd77800 [0242.910] GetSysColor (nIndex=7) returned 0x0 [0242.910] GetSysColor (nIndex=0) returned 0xc8c8c8 [0242.910] GetSysColor (nIndex=5) returned 0xffffff [0242.911] GetSysColor (nIndex=6) returned 0x646464 [0242.911] GetSysColor (nIndex=8) returned 0x0 [0242.912] AdjustWindowRectEx (in: lpRect=0x15e710, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e710) returned 1 [0242.935] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x15e7a0) returned 0x0 [0242.936] GdipCreateFont (fontFamily=0x1ac6a560, emSize=0x7ffa837b7187, style=1, unit=0x3, font=0x2169320) returned 0x0 [0242.936] GdipGetFontSize (font=0x1c572150, size=0x2169328) returned 0x0 [0242.940] AdjustWindowRectEx (in: lpRect=0x15e6a0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e6a0) returned 1 [0242.940] AdjustWindowRectEx (in: lpRect=0x15e6a0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e6a0) returned 1 [0242.983] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x15e7a0) returned 0x0 [0242.985] GdipCreateFont (fontFamily=0x1ac6a560, emSize=0x7ffa837b7187, style=1, unit=0x3, font=0x216ae30) returned 0x0 [0242.985] GdipGetFontSize (font=0x1c572190, size=0x216ae38) returned 0x0 [0242.985] AdjustWindowRectEx (in: lpRect=0x15e6a0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e6a0) returned 1 [0242.985] AdjustWindowRectEx (in: lpRect=0x15e6a0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e6a0) returned 1 [0243.030] AdjustWindowRectEx (in: lpRect=0x15e710, dwStyle=0x563100c1, bMenu=0, dwExStyle=0x200 | out: lpRect=0x15e710) returned 1 [0243.030] AdjustWindowRectEx (in: lpRect=0x15e710, dwStyle=0x563100c1, bMenu=0, dwExStyle=0x200 | out: lpRect=0x15e710) returned 1 [0243.037] AdjustWindowRectEx (in: lpRect=0x15e6a0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e6a0) returned 1 [0243.037] AdjustWindowRectEx (in: lpRect=0x15e6a0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e6a0) returned 1 [0243.075] IsAppThemed () returned 0x1 [0243.076] GetThemeAppProperties () returned 0x3 [0243.077] OpenThemeData () returned 0x20001 [0243.084] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x15e7a0) returned 0x0 [0243.085] GdipCreateFont (fontFamily=0x1ac6a560, emSize=0x7ffa837b7187, style=0, unit=0x3, font=0x216bb60) returned 0x0 [0243.085] GdipGetFontSize (font=0x1c5721d0, size=0x216bb68) returned 0x0 [0243.097] GetDC (hWnd=0x0) returned 0x580108aa [0243.097] GdipCreateFromHDC (hdc=0x580108aa, graphics=0x15e6f8) returned 0x0 [0243.098] GdipGetFontHeight (font=0x1c5721d0, graphics=0x1c577b70, height=0x15e6f4) returned 0x0 [0243.098] GdipDeleteGraphics (graphics=0x1c577b70) returned 0x0 [0243.098] ReleaseDC (hWnd=0x0, hDC=0x580108aa) returned 1 [0243.098] GetDC (hWnd=0x0) returned 0x580108aa [0243.098] GdipCreateFromHDC (hdc=0x580108aa, graphics=0x15e5b8) returned 0x0 [0243.099] GdipGetFontHeight (font=0x1c5721d0, graphics=0x1c577b70, height=0x15e5b4) returned 0x0 [0243.100] GdipDeleteGraphics (graphics=0x1c577b70) returned 0x0 [0243.100] ReleaseDC (hWnd=0x0, hDC=0x580108aa) returned 1 [0243.100] GetSystemMetrics (nIndex=5) returned 1 [0243.100] GetSystemMetrics (nIndex=6) returned 1 [0243.100] GetSystemMetrics (nIndex=5) returned 1 [0243.100] GetSystemMetrics (nIndex=6) returned 1 [0243.100] AdjustWindowRectEx (in: lpRect=0x15e620, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x15e620) returned 1 [0243.100] GetSystemMetrics (nIndex=5) returned 1 [0243.100] GetSystemMetrics (nIndex=6) returned 1 [0243.100] AdjustWindowRectEx (in: lpRect=0x15e710, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x15e710) returned 1 [0243.175] GetSystemMetrics (nIndex=5) returned 1 [0243.175] GetSystemMetrics (nIndex=6) returned 1 [0243.175] AdjustWindowRectEx (in: lpRect=0x15e620, dwStyle=0x56010044, bMenu=0, dwExStyle=0x200 | out: lpRect=0x15e620) returned 1 [0243.175] AdjustWindowRectEx (in: lpRect=0x15e620, dwStyle=0x56010044, bMenu=0, dwExStyle=0x200 | out: lpRect=0x15e620) returned 1 [0243.184] AdjustWindowRectEx (in: lpRect=0x15e710, dwStyle=0x56010844, bMenu=0, dwExStyle=0x200 | out: lpRect=0x15e710) returned 1 [0243.209] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe.config", nBufferLength=0x105, lpBuffer=0x15df40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe.config", lpFilePart=0x0) returned 0x66 [0243.209] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x15e198) returned 1 [0243.209] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe.config" (normalized: "c:\\users\\oqxzraykm\\desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x15e4c0 | out: lpFileInformation=0x15e4c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0243.209] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x15e148) returned 1 [0243.788] GetLocaleInfoW (in: Locale=0x9, LCType=0x1, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 5 [0244.939] GdipLoadImageFromStream (stream=0x950020, image=0x15dd40) returned 0x0 [0244.987] memcpy (in: _Dst=0x15da50, _Src=0x220f5b8, _Size=0x58 | out: _Dst=0x15da50) returned 0x15da50 [0244.988] memcpy (in: _Dst=0x15da20, _Src=0x220f628, _Size=0x16 | out: _Dst=0x15da20) returned 0x15da20 [0244.988] memcpy (in: _Dst=0x15da08, _Src=0x220f658, _Size=0x12 | out: _Dst=0x15da08) returned 0x15da08 [0244.989] memcpy (in: _Dst=0x15da40, _Src=0x220f688, _Size=0x2c | out: _Dst=0x15da40) returned 0x15da40 [0244.991] memcpy (in: _Dst=0x1c5788f0, _Src=0x220f748, _Size=0x9dd | out: _Dst=0x1c5788f0) returned 0x1c5788f0 [0245.103] GdipImageForceValidation (image=0x1c577b70) returned 0x0 [0245.116] GdipGetImageType (image=0x1c577b70, type=0x15dd38) returned 0x0 [0245.220] GdipGetImageRawFormat (image=0x1c577b70, format=0x15dc10*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0245.240] AdjustWindowRectEx (in: lpRect=0x15e710, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e710) returned 1 [0245.241] AdjustWindowRectEx (in: lpRect=0x15e710, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e710) returned 1 [0245.382] AdjustWindowRectEx (in: lpRect=0x15e770, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x15e770) returned 1 [0245.382] GetSystemMetrics (nIndex=59) returned 1460 [0245.382] GetSystemMetrics (nIndex=60) returned 920 [0245.382] GetSystemMetrics (nIndex=34) returned 136 [0245.382] GetSystemMetrics (nIndex=35) returned 39 [0245.389] AdjustWindowRectEx (in: lpRect=0x15e530, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x15e530) returned 1 [0245.395] GetCurrentThreadId () returned 0x134c [0245.395] GetCurrentThreadId () returned 0x134c [0245.607] GetCurrentThreadId () returned 0x134c [0245.607] GetCurrentThreadId () returned 0x134c [0245.607] GetCurrentThreadId () returned 0x134c [0245.607] GetCurrentThreadId () returned 0x134c [0245.620] AdjustWindowRectEx (in: lpRect=0x15e480, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e480) returned 1 [0245.679] GdipGetFamilyName (in: family=0x1ac6a560, name=0x15e1a0, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0 [0245.685] CreateCompatibleDC (hdc=0x0) returned 0xffffffff960106e3 [0245.691] GetCurrentObject (hdc=0xffffffff960106e3, type=0x1) returned 0xb00017 [0245.691] GetCurrentObject (hdc=0xffffffff960106e3, type=0x2) returned 0x900010 [0245.691] GetCurrentObject (hdc=0xffffffff960106e3, type=0x7) returned 0x85000f [0245.691] GetCurrentObject (hdc=0xffffffff960106e3, type=0x6) returned 0x58a00b4 [0245.712] SaveDC (hdc=0xffffffff960106e3) returned 1 [0245.721] GetDeviceCaps (hdc=0xffffffff960106e3, index=90) returned 96 [0245.725] CoTaskMemAlloc (cb=0x5c) returned 0x634540 [0245.726] CreateFontIndirectW (lplf=0x634540) returned 0x3b0a05b0 [0245.728] CoTaskMemFree (pv=0x634540) [0245.729] GetObjectW (in: h=0x3b0a05b0, c=92, pv=0x15e170 | out: pv=0x15e170) returned 92 [0245.753] GetCurrentObject (hdc=0xffffffff960106e3, type=0x6) returned 0x58a00b4 [0245.753] GetObjectW (in: h=0x58a00b4, c=92, pv=0x15df80 | out: pv=0x15df80) returned 92 [0245.774] SelectObject (hdc=0xffffffff960106e3, h=0x3b0a05b0) returned 0x58a00b4 [0245.780] GetMapMode (hdc=0xffffffff960106e3) returned 1 [0245.781] GetTextMetricsW (in: hdc=0xffffffff960106e3, lptm=0x15e1d0 | out: lptm=0x15e1d0) returned 1 [0245.785] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="Enter password:", cchText=15, lprc=0x15e3e8, format=0x2400, lpdtp=0x2251580 | out: lpchText="Enter password:", lprc=0x15e3e8) returned 13 [0245.916] GetCurrentThreadId () returned 0x134c [0245.916] GetCurrentThreadId () returned 0x134c [0245.918] GetCurrentThreadId () returned 0x134c [0245.918] GetCurrentThreadId () returned 0x134c [0245.918] AdjustWindowRectEx (in: lpRect=0x15e480, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e480) returned 1 [0245.918] GdipGetFamilyName (in: family=0x1ac6a560, name=0x15e1a0, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0 [0245.919] GetDeviceCaps (hdc=0xffffffff960106e3, index=90) returned 96 [0245.919] CoTaskMemAlloc (cb=0x5c) returned 0x633e40 [0245.919] CreateFontIndirectW (lplf=0x633e40) returned 0x650a05af [0245.920] CoTaskMemFree (pv=0x633e40) [0245.920] GetObjectW (in: h=0x650a05af, c=92, pv=0x15e170 | out: pv=0x15e170) returned 92 [0245.965] SelectObject (hdc=0xffffffff960106e3, h=0x650a05af) returned 0x3b0a05b0 [0245.965] GetMapMode (hdc=0xffffffff960106e3) returned 1 [0245.965] GetTextMetricsW (in: hdc=0xffffffff960106e3, lptm=0x15e1d0 | out: lptm=0x15e1d0) returned 1 [0245.965] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="label2", cchText=6, lprc=0x15e3e8, format=0x2400, lpdtp=0x2289a58 | out: lpchText="label2", lprc=0x15e3e8) returned 13 [0246.105] GetCurrentThreadId () returned 0x134c [0246.105] GetCurrentThreadId () returned 0x134c [0246.105] AdjustWindowRectEx (in: lpRect=0x15e480, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e480) returned 1 [0246.105] GdipGetFamilyName (in: family=0x1ac6a560, name=0x15e1a0, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0 [0246.106] GetDeviceCaps (hdc=0xffffffff960106e3, index=90) returned 96 [0246.106] CoTaskMemAlloc (cb=0x5c) returned 0x634540 [0246.107] CreateFontIndirectW (lplf=0x634540) returned 0x250a0705 [0246.107] CoTaskMemFree (pv=0x634540) [0246.108] GetObjectW (in: h=0x250a0705, c=92, pv=0x15e170 | out: pv=0x15e170) returned 92 [0246.108] SelectObject (hdc=0xffffffff960106e3, h=0x250a0705) returned 0x650a05af [0246.108] GetMapMode (hdc=0xffffffff960106e3) returned 1 [0246.108] GetTextMetricsW (in: hdc=0xffffffff960106e3, lptm=0x15e1d0 | out: lptm=0x15e1d0) returned 1 [0246.110] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="All your files belong to us!", cchText=28, lprc=0x15e3e8, format=0x2405, lpdtp=0x2291ef0 | out: lpchText="All your files belong to us!", lprc=0x15e3e8) returned 20 [0246.181] GetCurrentThreadId () returned 0x134c [0246.181] GetCurrentThreadId () returned 0x134c [0246.187] GetCurrentThreadId () returned 0x134c [0246.187] GetCurrentThreadId () returned 0x134c [0246.192] AdjustWindowRectEx (in: lpRect=0x15e550, dwStyle=0x2cb0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x15e550) returned 1 [0246.192] AdjustWindowRectEx (in: lpRect=0x15e6e0, dwStyle=0x2cb0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x15e6e0) returned 1 [0246.192] GetSystemMetrics (nIndex=59) returned 1460 [0246.192] GetSystemMetrics (nIndex=60) returned 920 [0246.193] GetSystemMetrics (nIndex=34) returned 136 [0246.193] GetSystemMetrics (nIndex=35) returned 39 [0246.193] AdjustWindowRectEx (in: lpRect=0x15e300, dwStyle=0x2cb0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x15e300) returned 1 [0246.193] AdjustWindowRectEx (in: lpRect=0x15e4a0, dwStyle=0x2cb0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x15e4a0) returned 1 [0246.242] CreateCompatibleDC (hdc=0x0) returned 0x58010905 [0246.260] GetDC (hWnd=0x0) returned 0xffffffffb2010715 [0246.260] GdipCreateFromHDC (hdc=0xffffffffb2010715, graphics=0x15e388) returned 0x0 [0246.264] CoTaskMemAlloc (cb=0x5c) returned 0x634540 [0246.264] GdipGetLogFontW (font=0x1ac6ea10, graphics=0x1c5789b0, logfontW=0x634540) returned 0x0 [0246.272] CoTaskMemFree (pv=0x634540) [0246.273] CoTaskMemAlloc (cb=0x5c) returned 0x634540 [0246.273] CoTaskMemFree (pv=0x634540) [0246.274] CoTaskMemAlloc (cb=0x5c) returned 0x633e40 [0246.276] CoTaskMemFree (pv=0x633e40) [0246.276] GdipDeleteGraphics (graphics=0x1c5789b0) returned 0x0 [0246.276] ReleaseDC (hWnd=0x0, hDC=0xffffffffb2010715) returned 1 [0246.277] CoTaskMemAlloc (cb=0x5c) returned 0x633e40 [0246.277] CreateFontIndirectW (lplf=0x633e40) returned 0x4e0a0926 [0246.278] CoTaskMemFree (pv=0x633e40) [0246.280] SelectObject (hdc=0x58010905, h=0x4e0a0926) returned 0x58a00b4 [0246.281] GetTextMetricsW (in: hdc=0x58010905, lptm=0x15e618 | out: lptm=0x15e618) returned 1 [0246.282] GetTextExtentPoint32W (in: hdc=0x58010905, lpString="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", c=52, psizl=0x2292d60 | out: psizl=0x2292d60) returned 1 [0246.285] SelectObject (hdc=0x58010905, h=0x58a00b4) returned 0x4e0a0926 [0246.286] DeleteDC (hdc=0x58010905) returned 1 [0246.286] AdjustWindowRectEx (in: lpRect=0x15e260, dwStyle=0x2c80000, bMenu=0, dwExStyle=0x10001 | out: lpRect=0x15e260) returned 1 [0246.287] GetCursorPos (in: lpPoint=0x2292d98 | out: lpPoint=0x2292d98*(x=229, y=581)) returned 1 [0246.291] GetSystemMetrics (nIndex=80) returned 1 [0246.294] MonitorFromPoint (pt=0x245000000e5, dwFlags=0x2) returned 0x10001 [0246.296] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x15e010 | out: lpmi=0x15e010) returned 1 [0246.298] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x5a010905 [0246.299] GetDeviceCaps (hdc=0x5a010905, index=12) returned 32 [0246.299] GetDeviceCaps (hdc=0x5a010905, index=14) returned 1 [0246.299] DeleteDC (hdc=0x5a010905) returned 1 [0246.301] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x15e0e0 | out: lpmi=0x15e0e0) returned 1 [0246.302] AdjustWindowRectEx (in: lpRect=0x15e4f0, dwStyle=0x2c80000, bMenu=0, dwExStyle=0x10001 | out: lpRect=0x15e4f0) returned 1 [0246.302] AdjustWindowRectEx (in: lpRect=0x15e140, dwStyle=0x2c80000, bMenu=0, dwExStyle=0x10001 | out: lpRect=0x15e140) returned 1 [0246.302] GetCursorPos (in: lpPoint=0x2293200 | out: lpPoint=0x2293200*(x=229, y=581)) returned 1 [0246.302] MonitorFromPoint (pt=0x246000000e2, dwFlags=0x2) returned 0x10001 [0246.302] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x15def0 | out: lpmi=0x15def0) returned 1 [0246.303] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x5b010905 [0246.303] GetDeviceCaps (hdc=0x5b010905, index=12) returned 32 [0246.303] GetDeviceCaps (hdc=0x5b010905, index=14) returned 1 [0246.303] DeleteDC (hdc=0x5b010905) returned 1 [0246.304] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x15dfc0 | out: lpmi=0x15dfc0) returned 1 [0246.304] AdjustWindowRectEx (in: lpRect=0x15e2e0, dwStyle=0x2c80000, bMenu=0, dwExStyle=0x10001 | out: lpRect=0x15e2e0) returned 1 [0246.304] GetSystemMetrics (nIndex=34) returned 136 [0246.304] GetSystemMetrics (nIndex=35) returned 39 [0246.304] AdjustWindowRectEx (in: lpRect=0x15e4e0, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e4e0) returned 1 [0246.306] AdjustWindowRectEx (in: lpRect=0x15e330, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e330) returned 1 [0246.306] AdjustWindowRectEx (in: lpRect=0x15e4e0, dwStyle=0x56010845, bMenu=0, dwExStyle=0x200 | out: lpRect=0x15e4e0) returned 1 [0246.306] AdjustWindowRectEx (in: lpRect=0x15e330, dwStyle=0x56010845, bMenu=0, dwExStyle=0x200 | out: lpRect=0x15e330) returned 1 [0246.306] AdjustWindowRectEx (in: lpRect=0x15e4e0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e4e0) returned 1 [0246.307] AdjustWindowRectEx (in: lpRect=0x15e330, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e330) returned 1 [0246.307] AdjustWindowRectEx (in: lpRect=0x15e0e0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e0e0) returned 1 [0246.307] AdjustWindowRectEx (in: lpRect=0x15e4a0, dwStyle=0x563100c1, bMenu=0, dwExStyle=0x200 | out: lpRect=0x15e4a0) returned 1 [0246.307] AdjustWindowRectEx (in: lpRect=0x15e2a0, dwStyle=0x563100c1, bMenu=0, dwExStyle=0x200 | out: lpRect=0x15e2a0) returned 1 [0246.307] AdjustWindowRectEx (in: lpRect=0x15e4e0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e4e0) returned 1 [0246.307] AdjustWindowRectEx (in: lpRect=0x15e330, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e330) returned 1 [0246.308] AdjustWindowRectEx (in: lpRect=0x15e0e0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e0e0) returned 1 [0246.308] AdjustWindowRectEx (in: lpRect=0x15e4e0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e4e0) returned 1 [0246.308] AdjustWindowRectEx (in: lpRect=0x15e330, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e330) returned 1 [0246.308] AdjustWindowRectEx (in: lpRect=0x15e0e0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e0e0) returned 1 [0246.308] AdjustWindowRectEx (in: lpRect=0x15e4e0, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e4e0) returned 1 [0246.308] AdjustWindowRectEx (in: lpRect=0x15e330, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e330) returned 1 [0246.308] AdjustWindowRectEx (in: lpRect=0x15e4e0, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x15e4e0) returned 1 [0246.308] AdjustWindowRectEx (in: lpRect=0x15e330, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x15e330) returned 1 [0246.308] GetSystemMetrics (nIndex=5) returned 1 [0246.308] GetSystemMetrics (nIndex=6) returned 1 [0246.314] AdjustWindowRectEx (in: lpRect=0x15ebe0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15ebe0) returned 1 [0246.317] SelectObject (hdc=0xffffffff960106e3, h=0x650a05af) returned 0x250a0705 [0246.317] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="319 files have been encrypted", cchText=29, lprc=0x15eb48, format=0x2400, lpdtp=0x2293ac8 | out: lpchText="319 files have been encrypted", lprc=0x15eb48) returned 13 [0246.317] AdjustWindowRectEx (in: lpRect=0x15ec50, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15ec50) returned 1 [0246.359] GetCurrentActCtx (in: lphActCtx=0x15eef0 | out: lphActCtx=0x15eef0*=0x0) returned 1 [0246.360] ActivateActCtx (in: hActCtx=0x61ce08, lpCookie=0x15ef30 | out: hActCtx=0x61ce08, lpCookie=0x15ef30) returned 1 [0246.366] GetCurrentActCtx (in: lphActCtx=0x15eb50 | out: lphActCtx=0x15eb50*=0x61ce08) returned 1 [0246.366] AdjustWindowRectEx (in: lpRect=0x15ea60, dwStyle=0x2c80000, bMenu=0, dwExStyle=0x10001 | out: lpRect=0x15ea60) returned 1 [0246.366] GetCursorPos (in: lpPoint=0x2299008 | out: lpPoint=0x2299008*(x=229, y=581)) returned 1 [0246.366] MonitorFromPoint (pt=0x245000000e5, dwFlags=0x2) returned 0x10001 [0246.366] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x15e810 | out: lpmi=0x15e810) returned 1 [0246.368] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x5c010905 [0246.368] GetDeviceCaps (hdc=0x5c010905, index=12) returned 32 [0246.368] GetDeviceCaps (hdc=0x5c010905, index=14) returned 1 [0246.368] DeleteDC (hdc=0x5c010905) returned 1 [0246.369] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x15e8e0 | out: lpmi=0x15e8e0) returned 1 [0246.370] GetModuleHandleW (lpModuleName=0x0) returned 0x10000 [0246.370] CreateWindowExW (dwExStyle=0x10001, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r6_ad1", lpWindowName="RansomeToad", dwStyle=0x2c80000, X=237, Y=195, nWidth=965, nHeight=470, hWndParent=0x0, hMenu=0x0, hInstance=0x10000, lpParam=0x0) returned 0x40376 [0246.372] SetWindowLongPtrW (hWnd=0x40376, nIndex=-4, dwNewLong=0x7ffaa540aa60) returned 0x1ad608dc [0246.372] GetWindowLongPtrW (hWnd=0x40376, nIndex=-4) returned 0x7ffaa540aa60 [0246.373] SetWindowLongPtrW (hWnd=0x40376, nIndex=-4, dwNewLong=0x1ad60eac) returned 0x7ffaa540aa60 [0246.373] GetWindowLongPtrW (hWnd=0x40376, nIndex=-4) returned 0x1ad60eac [0246.374] GetWindowLongPtrW (hWnd=0x40376, nIndex=-16) returned 0x6c80000 [0246.378] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x81, wParam=0x0, lParam=0x15e1e0) returned 0x1 [0246.392] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x83, wParam=0x0, lParam=0x15e290) returned 0x0 [0246.398] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x1, wParam=0x0, lParam=0x15e1b0) returned 0x0 [0246.398] GetClientRect (in: hWnd=0x40376, lpRect=0x15db90 | out: lpRect=0x15db90) returned 1 [0246.398] GetWindowRect (in: hWnd=0x40376, lpRect=0x15db90 | out: lpRect=0x15db90) returned 1 [0246.403] SetWindowTextW (hWnd=0x40376, lpString="RansomeToad") returned 1 [0246.403] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xc, wParam=0x0, lParam=0x2141874) returned 0x1 [0246.411] GetStartupInfoW (in: lpStartupInfo=0x22994a8 | out: lpStartupInfo=0x22994a8*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\OqXZRaykm\\Desktop\\fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0246.418] GetParent (hWnd=0x40376) returned 0x0 [0246.422] GetStockObject (i=5) returned 0x900015 [0246.425] GetModuleHandleW (lpModuleName=0x0) returned 0x10000 [0246.426] CoTaskMemAlloc (cb=0x5a) returned 0x633e40 [0246.426] RegisterClassW (lpWndClass=0x15e830) returned 0xc1da [0246.427] CoTaskMemFree (pv=0x633e40) [0246.427] GetModuleHandleW (lpModuleName=0x0) returned 0x10000 [0246.427] CreateWindowExW (dwExStyle=0x80, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r6_ad1", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x10000, lpParam=0x0) returned 0x30384 [0246.429] SetWindowLongPtrW (hWnd=0x30384, nIndex=-4, dwNewLong=0x7ffaa540aa60) returned 0x1ad60efc [0246.429] GetWindowLongPtrW (hWnd=0x30384, nIndex=-4) returned 0x7ffaa540aa60 [0246.433] SetWindowLongPtrW (hWnd=0x30384, nIndex=-4, dwNewLong=0x1ad60f4c) returned 0x7ffaa540aa60 [0246.433] GetWindowLongPtrW (hWnd=0x30384, nIndex=-4) returned 0x1ad60f4c [0246.433] GetWindowLongPtrW (hWnd=0x30384, nIndex=-16) returned 0x4c00000 [0246.433] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x30384, Msg=0x24, wParam=0x0, lParam=0x15e270) returned 0x0 [0246.433] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x30384, Msg=0x81, wParam=0x0, lParam=0x15e1e0) returned 0x1 [0246.435] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x30384, Msg=0x83, wParam=0x0, lParam=0x15e290) returned 0x0 [0246.437] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x30384, Msg=0x1, wParam=0x0, lParam=0x15e1e0) returned 0x0 [0246.442] SetWindowLongPtrW (hWnd=0x40376, nIndex=-8, dwNewLong=0x30384) returned 0x0 [0246.451] SendMessageW (hWnd=0x40376, Msg=0x80, wParam=0x0, lParam=0x0) returned 0x0 [0246.451] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x80, wParam=0x0, lParam=0x0) returned 0x0 [0246.451] SendMessageW (hWnd=0x40376, Msg=0x80, wParam=0x1, lParam=0x0) returned 0x0 [0246.451] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x80, wParam=0x1, lParam=0x0) returned 0x0 [0246.452] GetSystemMenu (hWnd=0x40376, bRevert=0) returned 0x1300e3 [0246.460] GetWindowPlacement (in: hWnd=0x40376, lpwndpl=0x15eb58 | out: lpwndpl=0x15eb58) returned 1 [0246.462] EnableMenuItem (hMenu=0x1300e3, uIDEnableItem=0xf020, uEnable=0x1) returned 0 [0246.463] EnableMenuItem (hMenu=0x1300e3, uIDEnableItem=0xf030, uEnable=0x1) returned 0 [0246.463] EnableMenuItem (hMenu=0x1300e3, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0246.464] EnableMenuItem (hMenu=0x1300e3, uIDEnableItem=0xf120, uEnable=0x1) returned 0 [0246.464] EnableMenuItem (hMenu=0x1300e3, uIDEnableItem=0xf000, uEnable=0x1) returned 0 [0246.464] GetClientRect (in: hWnd=0x40376, lpRect=0x15ec28 | out: lpRect=0x15ec28) returned 1 [0246.464] GetClientRect (in: hWnd=0x40376, lpRect=0x15eb40 | out: lpRect=0x15eb40) returned 1 [0246.464] GetWindowRect (in: hWnd=0x40376, lpRect=0x15eb40 | out: lpRect=0x15eb40) returned 1 [0246.465] SetWindowLongPtrW (hWnd=0x40376, nIndex=-8, dwNewLong=0x30384) returned 0x30384 [0246.480] GetSystemMetrics (nIndex=11) returned 32 [0246.480] GetSystemMetrics (nIndex=12) returned 32 [0246.480] GetDC (hWnd=0x0) returned 0x20105b1 [0246.480] GetDeviceCaps (hdc=0x20105b1, index=12) returned 32 [0246.480] GetDeviceCaps (hdc=0x20105b1, index=14) returned 1 [0246.481] ReleaseDC (hWnd=0x0, hDC=0x20105b1) returned 1 [0246.482] CreateIconFromResourceEx (presbits=0x229c5b0, dwResSize=0x10a8, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0x80127 [0246.489] SendMessageW (hWnd=0x30384, Msg=0x80, wParam=0x1, lParam=0x80127) returned 0x0 [0246.489] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x30384, Msg=0x80, wParam=0x1, lParam=0x80127) returned 0x0 [0246.495] SetWindowPos (hWnd=0x40376, hWndInsertAfter=0xffffffffffffffff, X=0, Y=0, cx=0, cy=0, uFlags=0x3) returned 1 [0246.496] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x46, wParam=0x0, lParam=0x15eae0) returned 0x0 [0246.496] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x30384, Msg=0x46, wParam=0x0, lParam=0x15eae0) returned 0x0 [0246.507] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x46, wParam=0x0, lParam=0x15eae0) returned 0x0 [0246.507] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x30384, Msg=0x46, wParam=0x0, lParam=0x15eae0) returned 0x0 [0246.515] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x30384, Msg=0x47, wParam=0x0, lParam=0x15eae0) returned 0x0 [0246.519] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0 [0246.519] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x30384, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0 [0246.519] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x86, wParam=0x0, lParam=0x0) returned 0x1 [0246.520] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0246.520] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0246.521] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0246.535] OleInitialize (pvReserved=0x0) returned 0x80010106 [0246.576] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x15e5f8 | out: lplpMessageFilter=0x15e5f8*=0x0) returned 0x80004021 [0246.948] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0 [0246.965] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0246.967] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x282, wParam=0x2, lParam=0x0) returned 0x0 [0246.970] GetParent (hWnd=0x40376) returned 0x0 [0246.970] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0246.979] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7, wParam=0x0, lParam=0x0) returned 0x0 [0246.979] GetWindowLongPtrW (hWnd=0x40376, nIndex=-16) returned 0x6c80000 [0246.980] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0246.980] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0246.981] GetSystemMetrics (nIndex=42) returned 0 [0246.982] GetWindowTextW (in: hWnd=0x40376, lpString=0x15e950, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0246.982] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15e950) returned 0xb [0246.982] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0246.982] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0246.983] GetSystemMetrics (nIndex=42) returned 0 [0246.983] GetWindowTextW (in: hWnd=0x40376, lpString=0x15e950, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0246.983] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15e950) returned 0xb [0246.983] GetCursorPos (in: lpPoint=0x22dddc8 | out: lpPoint=0x22dddc8*(x=229, y=581)) returned 1 [0246.983] MonitorFromPoint (pt=0x247000000e5, dwFlags=0x2) returned 0x10001 [0246.983] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x15e7e0 | out: lpmi=0x15e7e0) returned 1 [0246.984] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x570105ae [0246.985] GetDeviceCaps (hdc=0x570105ae, index=12) returned 32 [0246.985] GetDeviceCaps (hdc=0x570105ae, index=14) returned 1 [0246.985] DeleteDC (hdc=0x570105ae) returned 1 [0246.985] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x15e8b0 | out: lpmi=0x15e8b0) returned 1 [0246.986] GetWindowLongPtrW (hWnd=0x40376, nIndex=-16) returned 0x6c80000 [0246.986] GetWindowLongPtrW (hWnd=0x40376, nIndex=-20) returned 0x10101 [0246.986] SetWindowLongPtrW (hWnd=0x40376, nIndex=-16, dwNewLong=0x2c80000) returned 0x6c80000 [0246.987] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7c, wParam=0xfffffffffffffff0, lParam=0x15ea20) returned 0x0 [0246.989] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7d, wParam=0xfffffffffffffff0, lParam=0x15ea20) returned 0x0 [0246.990] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0246.991] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0246.991] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0246.992] SetWindowLongPtrW (hWnd=0x40376, nIndex=-20, dwNewLong=0x10001) returned 0x10101 [0246.992] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7c, wParam=0xffffffffffffffec, lParam=0x15ea20) returned 0x0 [0246.994] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7d, wParam=0xffffffffffffffec, lParam=0x15ea20) returned 0x0 [0246.995] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0246.995] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0246.996] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0246.996] SetWindowPos (hWnd=0x40376, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0246.996] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x46, wParam=0x0, lParam=0x15ea80) returned 0x0 [0246.997] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x83, wParam=0x1, lParam=0x15ea50) returned 0x0 [0246.998] GetWindowPlacement (in: hWnd=0x40376, lpwndpl=0x15e568 | out: lpwndpl=0x15e568) returned 1 [0246.998] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x47, wParam=0x0, lParam=0x15ea80) returned 0x0 [0246.998] GetClientRect (in: hWnd=0x40376, lpRect=0x15e430 | out: lpRect=0x15e430) returned 1 [0246.998] GetWindowRect (in: hWnd=0x40376, lpRect=0x15e430 | out: lpRect=0x15e430) returned 1 [0247.001] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0247.001] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0247.001] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0247.006] RedrawWindow (hWnd=0x40376, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0247.009] GetSystemMenu (hWnd=0x40376, bRevert=0) returned 0x1300e3 [0247.009] GetWindowPlacement (in: hWnd=0x40376, lpwndpl=0x15eaf8 | out: lpwndpl=0x15eaf8) returned 1 [0247.010] EnableMenuItem (hMenu=0x1300e3, uIDEnableItem=0xf020, uEnable=0x1) returned 1 [0247.010] EnableMenuItem (hMenu=0x1300e3, uIDEnableItem=0xf030, uEnable=0x1) returned 1 [0247.010] EnableMenuItem (hMenu=0x1300e3, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0247.010] EnableMenuItem (hMenu=0x1300e3, uIDEnableItem=0xf120, uEnable=0x1) returned 1 [0247.010] EnableMenuItem (hMenu=0x1300e3, uIDEnableItem=0xf000, uEnable=0x1) returned 1 [0247.010] ShowWindow (hWnd=0x40376, nCmdShow=5) returned 0 [0247.013] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0247.013] GetCurrentActCtx (in: lphActCtx=0x15e4a0 | out: lphActCtx=0x15e4a0*=0x61ce08) returned 1 [0247.015] GetModuleHandleW (lpModuleName=0x0) returned 0x10000 [0247.015] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r6_ad1", lpWindowName=0x0, dwStyle=0x56000000, X=97, Y=19, nWidth=128, nHeight=149, hWndParent=0x40376, hMenu=0x0, hInstance=0x10000, lpParam=0x0) returned 0xf037a [0247.016] SetWindowLongPtrW (hWnd=0xf037a, nIndex=-4, dwNewLong=0x7ffaa540aa60) returned 0x1ad608dc [0247.017] GetWindowLongPtrW (hWnd=0xf037a, nIndex=-4) returned 0x7ffaa540aa60 [0247.018] SetWindowLongPtrW (hWnd=0xf037a, nIndex=-4, dwNewLong=0x1ad60f9c) returned 0x7ffaa540aa60 [0247.018] GetWindowLongPtrW (hWnd=0xf037a, nIndex=-4) returned 0x1ad60f9c [0247.018] GetWindowLongPtrW (hWnd=0xf037a, nIndex=-16) returned 0x46000000 [0247.018] GetWindowLongPtrW (hWnd=0xf037a, nIndex=-12) returned 0x0 [0247.018] SetWindowLongPtrW (hWnd=0xf037a, nIndex=-12, dwNewLong=0xf037a) returned 0x0 [0247.018] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0xf037a, Msg=0x81, wParam=0x0, lParam=0x15db30) returned 0x1 [0247.019] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0xf037a, Msg=0x83, wParam=0x0, lParam=0x15dbe0) returned 0x0 [0247.020] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0xf037a, Msg=0x1, wParam=0x0, lParam=0x15db30) returned 0x0 [0247.023] GetWindow (hWnd=0xf037a, uCmd=0x3) returned 0x0 [0247.023] GetClientRect (in: hWnd=0xf037a, lpRect=0x15d550 | out: lpRect=0x15d550) returned 1 [0247.028] GetWindowRect (in: hWnd=0xf037a, lpRect=0x15d550 | out: lpRect=0x15d550) returned 1 [0247.028] GetParent (hWnd=0xf037a) returned 0x40376 [0247.029] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x40376, lpPoints=0x15d550, cPoints=0x2 | out: lpPoints=0x15d550) returned -14418160 [0247.032] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0xf037a, Msg=0x5, wParam=0x0, lParam=0x950080) returned 0x0 [0247.032] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0xf037a, Msg=0x3, wParam=0x0, lParam=0x130061) returned 0x0 [0247.032] GetClientRect (in: hWnd=0xf037a, lpRect=0x15d660 | out: lpRect=0x15d660) returned 1 [0247.032] GetWindowRect (in: hWnd=0xf037a, lpRect=0x15d660 | out: lpRect=0x15d660) returned 1 [0247.032] GetParent (hWnd=0xf037a) returned 0x40376 [0247.032] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x40376, lpPoints=0x15d660, cPoints=0x2 | out: lpPoints=0x15d660) returned -14418160 [0247.038] SendMessageW (hWnd=0xf037a, Msg=0x2210, wParam=0x37a0001, lParam=0xf037a) returned 0x0 [0247.038] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0xf037a, Msg=0x2210, wParam=0x37a0001, lParam=0xf037a) returned 0x0 [0247.038] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0xf037a, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0247.040] GetParent (hWnd=0xf037a) returned 0x40376 [0247.040] GetCurrentActCtx (in: lphActCtx=0x15e460 | out: lphActCtx=0x15e460*=0x61ce08) returned 1 [0247.041] GetClassInfoW (in: hInstance=0x0, lpClassName="EDIT", lpWndClass=0x22de3d8 | out: lpWndClass=0x22de3d8) returned 1 [0247.091] GetModuleHandleW (lpModuleName=0x0) returned 0x10000 [0247.092] CoTaskMemAlloc (cb=0x52) returned 0x62c4a0 [0247.092] RegisterClassW (lpWndClass=0x15e140) returned 0xc1e6 [0247.092] CoTaskMemFree (pv=0x62c4a0) [0247.092] GetModuleHandleW (lpModuleName=0x0) returned 0x10000 [0247.092] CreateWindowExW (dwExStyle=0x200, lpClassName="WindowsForms10.EDIT.app.0.141b42a_r6_ad1", lpWindowName="Your files can only be retrived by entering the correct password. \n\rIn order to get the password please by it in \n\rhttps://primearea.biz/product/235093/", dwStyle=0x56010845, X=57, Y=172, nWidth=209, nHeight=107, hWndParent=0x40376, hMenu=0x0, hInstance=0x10000, lpParam=0x0) returned 0x90252 [0247.093] SetWindowLongPtrW (hWnd=0x90252, nIndex=-4, dwNewLong=0x7ffa909a0db0) returned 0x1ad60fec [0247.093] GetWindowLongPtrW (hWnd=0x90252, nIndex=-4) returned 0x7ffa909a0db0 [0247.094] SetWindowLongPtrW (hWnd=0x90252, nIndex=-4, dwNewLong=0x1ad6103c) returned 0x7ffa909a0db0 [0247.094] GetWindowLongPtrW (hWnd=0x90252, nIndex=-4) returned 0x1ad6103c [0247.094] GetWindowLongPtrW (hWnd=0x90252, nIndex=-16) returned 0x46010845 [0247.094] GetWindowLongPtrW (hWnd=0x90252, nIndex=-12) returned 0x0 [0247.094] SetWindowLongPtrW (hWnd=0x90252, nIndex=-12, dwNewLong=0x90252) returned 0x0 [0247.095] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x90252, Msg=0x81, wParam=0x0, lParam=0x15daf0) returned 0x1 [0247.099] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x90252, Msg=0x83, wParam=0x0, lParam=0x15dba0) returned 0x0 [0247.100] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x90252, Msg=0x1, wParam=0x0, lParam=0x15d9b0) returned 0x1 [0247.103] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x90252, Msg=0x7c, wParam=0xfffffffffffffff0, lParam=0x15cea0) returned 0x0 [0247.104] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x90252, Msg=0x7d, wParam=0xfffffffffffffff0, lParam=0x15cea0) returned 0x1 [0247.158] GetWindow (hWnd=0x90252, uCmd=0x3) returned 0xf037a [0247.158] GetClientRect (in: hWnd=0x90252, lpRect=0x15d380 | out: lpRect=0x15d380) returned 1 [0247.158] GetWindowRect (in: hWnd=0x90252, lpRect=0x15d380 | out: lpRect=0x15d380) returned 1 [0247.158] GetParent (hWnd=0x90252) returned 0x40376 [0247.158] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x40376, lpPoints=0x15d380, cPoints=0x2 | out: lpPoints=0x15d380) returned -14418160 [0247.160] GetDC (hWnd=0x0) returned 0x580108aa [0247.160] GdipCreateFromHDC (hdc=0x580108aa, graphics=0x15d028) returned 0x0 [0247.161] CoTaskMemAlloc (cb=0x5c) returned 0x63abe0 [0247.161] GdipGetLogFontW (font=0x1c5721d0, graphics=0x1c5789b0, logfontW=0x63abe0) returned 0x0 [0247.161] CoTaskMemFree (pv=0x63abe0) [0247.161] CoTaskMemAlloc (cb=0x5c) returned 0x63a470 [0247.161] CoTaskMemFree (pv=0x63a470) [0247.162] CoTaskMemAlloc (cb=0x5c) returned 0x63aa90 [0247.162] CoTaskMemFree (pv=0x63aa90) [0247.162] GdipDeleteGraphics (graphics=0x1c5789b0) returned 0x0 [0247.162] ReleaseDC (hWnd=0x0, hDC=0x580108aa) returned 1 [0247.163] CoTaskMemAlloc (cb=0x5c) returned 0x63ab70 [0247.163] CreateFontIndirectW (lplf=0x63ab70) returned 0x5d0a05ae [0247.163] CoTaskMemFree (pv=0x63ab70) [0247.166] SendMessageW (hWnd=0x90252, Msg=0x30, wParam=0x5d0a05ae, lParam=0x0) returned 0x1 [0247.168] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x90252, Msg=0x30, wParam=0x5d0a05ae, lParam=0x0) returned 0x1 [0247.223] SetWindowTextW (hWnd=0x90252, lpString="Your files can only be retrived by entering the correct password. \n\rIn order to get the password please by it in \n\rhttps://primearea.biz/product/235093/") returned 1 [0247.223] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x90252, Msg=0xc, wParam=0x0, lParam=0x211dfec) returned 0x1 [0247.224] GetSystemMetrics (nIndex=5) returned 1 [0247.224] GetSystemMetrics (nIndex=6) returned 1 [0247.224] SendMessageW (hWnd=0x90252, Msg=0xc5, wParam=0x7fff, lParam=0x0) returned 0x1 [0247.225] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x90252, Msg=0xc5, wParam=0x7fff, lParam=0x0) returned 0x1 [0247.226] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x90252, Msg=0x5, wParam=0x0, lParam=0x6700cd) returned 0x1 [0247.228] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x90252, Msg=0x3, wParam=0x0, lParam=0xae003b) returned 0x0 [0247.228] GetClientRect (in: hWnd=0x90252, lpRect=0x15d5d0 | out: lpRect=0x15d5d0) returned 1 [0247.228] GetWindowRect (in: hWnd=0x90252, lpRect=0x15d5d0 | out: lpRect=0x15d5d0) returned 1 [0247.228] GetParent (hWnd=0x90252) returned 0x40376 [0247.228] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x40376, lpPoints=0x15d5d0, cPoints=0x2 | out: lpPoints=0x15d5d0) returned -14418160 [0247.228] SendMessageW (hWnd=0x90252, Msg=0x2210, wParam=0x2520001, lParam=0x90252) returned 0x0 [0247.228] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x90252, Msg=0x2210, wParam=0x2520001, lParam=0x90252) returned 0x0 [0247.229] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x90252, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0247.229] GetParent (hWnd=0x90252) returned 0x40376 [0247.230] GetCurrentActCtx (in: lphActCtx=0x15e4a0 | out: lphActCtx=0x15e4a0*=0x61ce08) returned 1 [0247.230] GetClassInfoW (in: hInstance=0x0, lpClassName="STATIC", lpWndClass=0x22dec08 | out: lpWndClass=0x22dec08) returned 1 [0247.233] GetModuleHandleW (lpModuleName=0x0) returned 0x10000 [0247.233] CoTaskMemAlloc (cb=0x56) returned 0x62c4a0 [0247.233] RegisterClassW (lpWndClass=0x15e180) returned 0xc1e7 [0247.234] CoTaskMemFree (pv=0x62c4a0) [0247.234] GetModuleHandleW (lpModuleName=0x0) returned 0x10000 [0247.234] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.STATIC.app.0.141b42a_r6_ad1", lpWindowName="Enter password:", dwStyle=0x5600000d, X=54, Y=296, nWidth=83, nHeight=13, hWndParent=0x40376, hMenu=0x0, hInstance=0x10000, lpParam=0x0) returned 0x5005c [0247.236] SetWindowLongPtrW (hWnd=0x5005c, nIndex=-4, dwNewLong=0x7ffa90a11cb0) returned 0x1ad6108c [0247.236] GetWindowLongPtrW (hWnd=0x5005c, nIndex=-4) returned 0x7ffa90a11cb0 [0247.236] SetWindowLongPtrW (hWnd=0x5005c, nIndex=-4, dwNewLong=0x1ad610dc) returned 0x7ffa90a11cb0 [0247.237] GetWindowLongPtrW (hWnd=0x5005c, nIndex=-4) returned 0x1ad610dc [0247.237] GetWindowLongPtrW (hWnd=0x5005c, nIndex=-16) returned 0x4600000d [0247.237] GetWindowLongPtrW (hWnd=0x5005c, nIndex=-12) returned 0x0 [0247.237] SetWindowLongPtrW (hWnd=0x5005c, nIndex=-12, dwNewLong=0x5005c) returned 0x0 [0247.237] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x5005c, Msg=0x81, wParam=0x0, lParam=0x15db30) returned 0x1 [0247.239] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x5005c, Msg=0x83, wParam=0x0, lParam=0x15dbe0) returned 0x0 [0247.240] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x5005c, Msg=0x1, wParam=0x0, lParam=0x15db00) returned 0x0 [0247.241] GetWindow (hWnd=0x5005c, uCmd=0x3) returned 0x90252 [0247.241] GetClientRect (in: hWnd=0x5005c, lpRect=0x15d4a0 | out: lpRect=0x15d4a0) returned 1 [0247.242] GetWindowRect (in: hWnd=0x5005c, lpRect=0x15d4a0 | out: lpRect=0x15d4a0) returned 1 [0247.242] GetParent (hWnd=0x5005c) returned 0x40376 [0247.242] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x40376, lpPoints=0x15d4a0, cPoints=0x2 | out: lpPoints=0x15d4a0) returned -14418160 [0247.244] SetWindowTextW (hWnd=0x5005c, lpString="Enter password:") returned 1 [0247.244] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x5005c, Msg=0xc, wParam=0x0, lParam=0x2141774) returned 0x1 [0247.245] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x5005c, Msg=0x5, wParam=0x0, lParam=0xd0053) returned 0x0 [0247.245] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x5005c, Msg=0x3, wParam=0x0, lParam=0x1280036) returned 0x0 [0247.245] GetClientRect (in: hWnd=0x5005c, lpRect=0x15d5e0 | out: lpRect=0x15d5e0) returned 1 [0247.245] GetWindowRect (in: hWnd=0x5005c, lpRect=0x15d5e0 | out: lpRect=0x15d5e0) returned 1 [0247.245] GetParent (hWnd=0x5005c) returned 0x40376 [0247.245] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x40376, lpPoints=0x15d5e0, cPoints=0x2 | out: lpPoints=0x15d5e0) returned -14418160 [0247.245] SendMessageW (hWnd=0x5005c, Msg=0x2210, wParam=0x5c0001, lParam=0x5005c) returned 0x0 [0247.245] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x5005c, Msg=0x2210, wParam=0x5c0001, lParam=0x5005c) returned 0x0 [0247.246] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x5005c, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0247.246] GetParent (hWnd=0x5005c) returned 0x40376 [0247.246] GetCurrentActCtx (in: lphActCtx=0x15e4a0 | out: lphActCtx=0x15e4a0*=0x61ce08) returned 1 [0247.246] GetClassInfoW (in: hInstance=0x0, lpClassName="LISTBOX", lpWndClass=0x22df128 | out: lpWndClass=0x22df128) returned 1 [0247.248] GetModuleHandleW (lpModuleName=0x0) returned 0x10000 [0247.248] CoTaskMemAlloc (cb=0x58) returned 0x62c260 [0247.249] RegisterClassW (lpWndClass=0x15e180) returned 0xc1e8 [0247.249] CoTaskMemFree (pv=0x62c260) [0247.249] GetModuleHandleW (lpModuleName=0x0) returned 0x10000 [0247.249] CreateWindowExW (dwExStyle=0x200, lpClassName="WindowsForms10.LISTBOX.app.0.141b42a_r6_ad1", lpWindowName=0x0, dwStyle=0x563100c1, X=304, Y=49, nWidth=615, nHeight=355, hWndParent=0x40376, hMenu=0x0, hInstance=0x10000, lpParam=0x0) returned 0x60044 [0247.250] SetWindowLongPtrW (hWnd=0x60044, nIndex=-4, dwNewLong=0x7ffa9099e8e0) returned 0x1ad6112c [0247.250] GetWindowLongPtrW (hWnd=0x60044, nIndex=-4) returned 0x7ffa9099e8e0 [0247.250] SetWindowLongPtrW (hWnd=0x60044, nIndex=-4, dwNewLong=0x1ad6117c) returned 0x7ffa9099e8e0 [0247.251] GetWindowLongPtrW (hWnd=0x60044, nIndex=-4) returned 0x1ad6117c [0247.251] GetWindowLongPtrW (hWnd=0x60044, nIndex=-16) returned 0x463100c1 [0247.251] GetWindowLongPtrW (hWnd=0x60044, nIndex=-12) returned 0x0 [0247.251] SetWindowLongPtrW (hWnd=0x60044, nIndex=-12, dwNewLong=0x60044) returned 0x0 [0247.251] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x81, wParam=0x0, lParam=0x15db30) returned 0x1 [0247.252] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x83, wParam=0x0, lParam=0x15dbe0) returned 0x0 [0247.254] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x1, wParam=0x0, lParam=0x15db30) returned 0x1 [0247.257] GetWindow (hWnd=0x60044, uCmd=0x3) returned 0x5005c [0247.257] GetClientRect (in: hWnd=0x60044, lpRect=0x15d4d0 | out: lpRect=0x15d4d0) returned 1 [0247.257] GetWindowRect (in: hWnd=0x60044, lpRect=0x15d4d0 | out: lpRect=0x15d4d0) returned 1 [0247.257] GetParent (hWnd=0x60044) returned 0x40376 [0247.257] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x40376, lpPoints=0x15d4d0, cPoints=0x2 | out: lpPoints=0x15d4d0) returned -14418160 [0247.257] GetWindowTextLengthW (hWnd=0x60044) returned 0 [0247.257] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0247.257] GetSystemMetrics (nIndex=42) returned 0 [0247.257] GetWindowTextW (in: hWnd=0x60044, lpString=0x15d140, nMaxCount=1 | out: lpString="") returned 0 [0247.257] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0xd, wParam=0x1, lParam=0x15d140) returned 0x0 [0247.259] InvalidateRect (hWnd=0x60044, lpRect=0x0, bErase=1) returned 1 [0247.260] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0247.260] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0247.260] GetSystemMetrics (nIndex=42) returned 0 [0247.260] GetWindowTextW (in: hWnd=0x40376, lpString=0x15d1f0, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0247.260] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15d1f0) returned 0xb [0247.263] SendMessageW (hWnd=0x60044, Msg=0x30, wParam=0x4e0a0926, lParam=0x0) returned 0x0 [0247.263] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x30, wParam=0x4e0a0926, lParam=0x0) returned 0x0 [0247.273] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x46, wParam=0x0, lParam=0x15c5e0) returned 0x0 [0247.273] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x83, wParam=0x1, lParam=0x15c5b0) returned 0x0 [0247.275] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x47, wParam=0x0, lParam=0x15c5e0) returned 0x0 [0247.275] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x5, wParam=0x0, lParam=0x14e0263) returned 0x0 [0247.285] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x46, wParam=0x0, lParam=0x15acc0) returned 0x0 [0247.285] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x83, wParam=0x1, lParam=0x15ac90) returned 0x0 [0247.286] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x47, wParam=0x0, lParam=0x15acc0) returned 0x0 [0247.286] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x5, wParam=0x0, lParam=0x15f0263) returned 0x0 [0247.296] GetClientRect (in: hWnd=0x60044, lpRect=0x15a650 | out: lpRect=0x15a650) returned 1 [0247.296] GetWindowRect (in: hWnd=0x60044, lpRect=0x15a650 | out: lpRect=0x15a650) returned 1 [0247.296] GetParent (hWnd=0x60044) returned 0x40376 [0247.296] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x40376, lpPoints=0x15a650, cPoints=0x2 | out: lpPoints=0x15a650) returned -14418160 [0247.296] GetWindowTextLengthW (hWnd=0x60044) returned 0 [0247.296] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0247.296] GetSystemMetrics (nIndex=42) returned 0 [0247.297] GetWindowTextW (in: hWnd=0x60044, lpString=0x15a2c0, nMaxCount=1 | out: lpString="") returned 0 [0247.297] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0xd, wParam=0x1, lParam=0x15a2c0) returned 0x0 [0247.297] InvalidateRect (hWnd=0x60044, lpRect=0x0, bErase=1) returned 1 [0247.297] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0247.297] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0247.297] GetSystemMetrics (nIndex=42) returned 0 [0247.298] GetWindowTextW (in: hWnd=0x40376, lpString=0x15a370, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0247.298] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15a370) returned 0xb [0247.298] GetParent (hWnd=0x60044) returned 0x40376 [0247.303] GetClientRect (in: hWnd=0x60044, lpRect=0x15bf70 | out: lpRect=0x15bf70) returned 1 [0247.303] GetWindowRect (in: hWnd=0x60044, lpRect=0x15bf70 | out: lpRect=0x15bf70) returned 1 [0247.303] GetParent (hWnd=0x60044) returned 0x40376 [0247.303] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x40376, lpPoints=0x15bf70, cPoints=0x2 | out: lpPoints=0x15bf70) returned -14418160 [0247.303] GetParent (hWnd=0x60044) returned 0x40376 [0247.310] SendMessageW (hWnd=0x60044, Msg=0x1a5, wParam=0x409, lParam=0x0) returned 0x409 [0247.310] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x1a5, wParam=0x409, lParam=0x0) returned 0x409 [0247.320] CoCreateGuid (in: pguid=0x15c238 | out: pguid=0x15c238*(Data1=0x1a9d4d03, Data2=0xf89c, Data3=0x4a98, Data4=([0]=0x8e, [1]=0x11, [2]=0x30, [3]=0x40, [4]=0x9f, [5]=0x53, [6]=0xd3, [7]=0x62))) returned 0x0 [0247.320] CoCreateGuid (in: pguid=0x15c238 | out: pguid=0x15c238*(Data1=0x889a4039, Data2=0x9c82, Data3=0x45b1, Data4=([0]=0x99, [1]=0xf3, [2]=0x26, [3]=0x2b, [4]=0xbe, [5]=0x66, [6]=0x2d, [7]=0xca))) returned 0x0 [0247.321] CoCreateGuid (in: pguid=0x15c238 | out: pguid=0x15c238*(Data1=0x98c6ea1, Data2=0x720a, Data3=0x4d4b, Data4=([0]=0x9f, [1]=0x17, [2]=0xad, [3]=0x38, [4]=0x64, [5]=0x65, [6]=0xfc, [7]=0x91))) returned 0x0 [0247.321] CoCreateGuid (in: pguid=0x15c238 | out: pguid=0x15c238*(Data1=0xdb91e09, Data2=0xf877, Data3=0x4f81, Data4=([0]=0x94, [1]=0xad, [2]=0x75, [3]=0x7f, [4]=0xfd, [5]=0x33, [6]=0xbf, [7]=0x12))) returned 0x0 [0247.322] CoCreateGuid (in: pguid=0x15c238 | out: pguid=0x15c238*(Data1=0xe0c29fa6, Data2=0xaf6a, Data3=0x4c98, Data4=([0]=0x9a, [1]=0xde, [2]=0x4a, [3]=0xe0, [4]=0x3, [5]=0x91, [6]=0xe1, [7]=0xba))) returned 0x0 [0247.322] CoCreateGuid (in: pguid=0x15c238 | out: pguid=0x15c238*(Data1=0xac374f6e, Data2=0x894b, Data3=0x4751, Data4=([0]=0xa8, [1]=0x2, [2]=0x1, [3]=0xb1, [4]=0x54, [5]=0x8b, [6]=0x67, [7]=0xc3))) returned 0x0 [0247.322] CoCreateGuid (in: pguid=0x15c238 | out: pguid=0x15c238*(Data1=0x51fe11d2, Data2=0x15c5, Data3=0x48f9, Data4=([0]=0xa3, [1]=0x3a, [2]=0x50, [3]=0xb1, [4]=0x56, [5]=0xb3, [6]=0x3d, [7]=0x4))) returned 0x0 [0247.322] CoCreateGuid (in: pguid=0x15c238 | out: pguid=0x15c238*(Data1=0x73ef89dc, Data2=0xc855, Data3=0x4202, Data4=([0]=0x9a, [1]=0x7d, [2]=0xf6, [3]=0x29, [4]=0xeb, [5]=0x15, [6]=0x49, [7]=0x9b))) returned 0x0 [0247.322] CoCreateGuid (in: pguid=0x15c238 | out: pguid=0x15c238*(Data1=0xc0d884a5, Data2=0x5e04, Data3=0x4018, Data4=([0]=0x84, [1]=0x6f, [2]=0x38, [3]=0x42, [4]=0x57, [5]=0x29, [6]=0xab, [7]=0x84))) returned 0x0 [0247.322] CoCreateGuid (in: pguid=0x15c238 | out: pguid=0x15c238*(Data1=0x889a5348, Data2=0xc3c3, Data3=0x4914, Data4=([0]=0xa2, [1]=0x53, [2]=0xf7, [3]=0x54, [4]=0xf9, [5]=0x5, [6]=0xba, [7]=0xfe))) returned 0x0 [0247.322] CoCreateGuid (in: pguid=0x15c238 | out: pguid=0x15c238*(Data1=0x2f0b7f9, Data2=0x15ee, Data3=0x4d0a, Data4=([0]=0xa3, [1]=0x84, [2]=0x62, [3]=0xa0, [4]=0xc6, [5]=0x2, [6]=0x3b, [7]=0xe8))) returned 0x0 [0247.322] CoCreateGuid (in: pguid=0x15c238 | out: pguid=0x15c238*(Data1=0x5e8b1208, Data2=0x5f9e, Data3=0x4c85, Data4=([0]=0xb2, [1]=0xa7, [2]=0x8c, [3]=0x90, [4]=0x9a, [5]=0x39, [6]=0x11, [7]=0x35))) returned 0x0 [0247.342] CoCreateGuid (in: pguid=0x15c398 | out: pguid=0x15c398*(Data1=0x271ce4f5, Data2=0x6642, Data3=0x410a, Data4=([0]=0xa5, [1]=0x40, [2]=0x39, [3]=0x6a, [4]=0x30, [5]=0x79, [6]=0xd5, [7]=0xfd))) returned 0x0 [0247.342] CoCreateGuid (in: pguid=0x15c398 | out: pguid=0x15c398*(Data1=0x694a8038, Data2=0xda13, Data3=0x47e9, Data4=([0]=0x8d, [1]=0x4a, [2]=0xc7, [3]=0xa7, [4]=0x8f, [5]=0xbb, [6]=0x4, [7]=0x4))) returned 0x0 [0247.342] CoCreateGuid (in: pguid=0x15c398 | out: pguid=0x15c398*(Data1=0x4867e059, Data2=0xc187, Data3=0x4c6f, Data4=([0]=0xb7, [1]=0x8b, [2]=0x42, [3]=0xfe, [4]=0xba, [5]=0xd5, [6]=0xf, [7]=0xec))) returned 0x0 [0247.426] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210a06c) returned 0x0 [0247.426] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210a06c) returned 0x0 [0247.426] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210a0cc) returned 0x1 [0247.426] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210a0cc) returned 0x1 [0247.431] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210a184) returned 0x2 [0247.431] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210a184) returned 0x2 [0247.435] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210a254) returned 0x3 [0247.435] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210a254) returned 0x3 [0247.439] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210a324) returned 0x4 [0247.439] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210a324) returned 0x4 [0247.443] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210a3f4) returned 0x5 [0247.443] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210a3f4) returned 0x5 [0247.448] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210a4c4) returned 0x6 [0247.448] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210a4c4) returned 0x6 [0247.452] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210a594) returned 0x7 [0247.452] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210a594) returned 0x7 [0247.457] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210a664) returned 0x8 [0247.457] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210a664) returned 0x8 [0247.473] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210a73c) returned 0x9 [0247.473] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210a73c) returned 0x9 [0247.478] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210a7ec) returned 0xa [0247.478] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210a7ec) returned 0xa [0247.482] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210a8cc) returned 0xb [0247.483] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210a8cc) returned 0xb [0247.488] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210a9ac) returned 0xc [0247.488] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210a9ac) returned 0xc [0247.494] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210aa9c) returned 0xd [0247.494] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210aa9c) returned 0xd [0247.499] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ab94) returned 0xe [0247.499] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ab94) returned 0xe [0247.504] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ac7c) returned 0xf [0247.504] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ac7c) returned 0xf [0247.510] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ad5c) returned 0x10 [0247.510] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ad5c) returned 0x10 [0247.516] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ae44) returned 0x11 [0247.516] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ae44) returned 0x11 [0247.521] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210af2c) returned 0x12 [0247.521] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210af2c) returned 0x12 [0247.533] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210affc) returned 0x13 [0247.534] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210affc) returned 0x13 [0247.538] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b104) returned 0x14 [0247.538] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b104) returned 0x14 [0247.577] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b204) returned 0x15 [0247.577] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b204) returned 0x15 [0247.582] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b27c) returned 0x16 [0247.582] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b27c) returned 0x16 [0247.587] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b2fc) returned 0x17 [0247.587] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b2fc) returned 0x17 [0247.652] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b374) returned 0x18 [0247.652] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b374) returned 0x18 [0247.661] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b3ec) returned 0x19 [0247.661] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b3ec) returned 0x19 [0247.667] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b464) returned 0x1a [0247.667] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b464) returned 0x1a [0247.673] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b4ec) returned 0x1b [0247.673] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b4ec) returned 0x1b [0247.674] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x46, wParam=0x0, lParam=0x15c770) returned 0x0 [0247.674] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x83, wParam=0x1, lParam=0x15c740) returned 0x0 [0247.676] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x47, wParam=0x0, lParam=0x15c770) returned 0x0 [0247.676] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x5, wParam=0x0, lParam=0x15f0252) returned 0x0 [0247.694] GetClientRect (in: hWnd=0x60044, lpRect=0x15c100 | out: lpRect=0x15c100) returned 1 [0247.694] GetWindowRect (in: hWnd=0x60044, lpRect=0x15c100 | out: lpRect=0x15c100) returned 1 [0247.694] GetParent (hWnd=0x60044) returned 0x40376 [0247.695] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x40376, lpPoints=0x15c100, cPoints=0x2 | out: lpPoints=0x15c100) returned -14418160 [0247.695] GetWindowTextLengthW (hWnd=0x60044) returned 0 [0247.695] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0247.695] GetSystemMetrics (nIndex=42) returned 0 [0247.695] GetWindowTextW (in: hWnd=0x60044, lpString=0x15bd70, nMaxCount=1 | out: lpString="") returned 0 [0247.695] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0xd, wParam=0x1, lParam=0x15bd70) returned 0x0 [0247.697] InvalidateRect (hWnd=0x60044, lpRect=0x0, bErase=1) returned 1 [0247.697] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0247.697] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0247.697] GetSystemMetrics (nIndex=42) returned 0 [0247.697] GetWindowTextW (in: hWnd=0x40376, lpString=0x15be20, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0247.697] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15be20) returned 0xb [0247.698] GetParent (hWnd=0x60044) returned 0x40376 [0247.705] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b564) returned 0x1c [0247.705] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b564) returned 0x1c [0247.747] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b5f4) returned 0x1d [0247.747] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b5f4) returned 0x1d [0247.751] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b67c) returned 0x1e [0247.752] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b67c) returned 0x1e [0247.756] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b6f4) returned 0x1f [0247.756] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b6f4) returned 0x1f [0247.774] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b774) returned 0x20 [0247.774] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b774) returned 0x20 [0247.779] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b7e4) returned 0x21 [0247.779] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b7e4) returned 0x21 [0247.783] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b85c) returned 0x22 [0247.783] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b85c) returned 0x22 [0247.795] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b8e4) returned 0x23 [0247.795] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b8e4) returned 0x23 [0247.799] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b974) returned 0x24 [0247.799] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b974) returned 0x24 [0247.803] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b9f4) returned 0x25 [0247.803] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210b9f4) returned 0x25 [0247.808] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ba7c) returned 0x26 [0247.808] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ba7c) returned 0x26 [0247.812] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210baf4) returned 0x27 [0247.812] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210baf4) returned 0x27 [0247.816] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210bbcc) returned 0x28 [0247.816] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210bbcc) returned 0x28 [0247.821] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210bca4) returned 0x29 [0247.822] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210bca4) returned 0x29 [0247.825] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210bd7c) returned 0x2a [0247.826] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210bd7c) returned 0x2a [0247.829] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210be7c) returned 0x2b [0247.830] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210be7c) returned 0x2b [0247.834] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210bf6c) returned 0x2c [0247.834] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210bf6c) returned 0x2c [0247.931] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210c06c) returned 0x2d [0247.931] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210c06c) returned 0x2d [0247.935] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210c14c) returned 0x2e [0247.935] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210c14c) returned 0x2e [0247.939] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210c20c) returned 0x2f [0247.939] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210c20c) returned 0x2f [0247.943] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210c2cc) returned 0x30 [0247.943] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210c2cc) returned 0x30 [0247.949] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210c374) returned 0x31 [0247.949] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210c374) returned 0x31 [0247.953] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210c434) returned 0x32 [0247.953] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210c434) returned 0x32 [0247.957] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210c4e4) returned 0x33 [0247.957] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210c4e4) returned 0x33 [0247.960] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210c5a4) returned 0x34 [0247.961] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210c5a4) returned 0x34 [0247.971] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210c64c) returned 0x35 [0247.971] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210c64c) returned 0x35 [0247.974] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210c6f4) returned 0x36 [0247.974] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210c6f4) returned 0x36 [0247.987] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210c7b4) returned 0x37 [0247.987] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210c7b4) returned 0x37 [0247.992] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210c85c) returned 0x38 [0247.992] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210c85c) returned 0x38 [0247.997] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210c904) returned 0x39 [0247.997] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210c904) returned 0x39 [0248.002] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210c9bc) returned 0x3a [0248.002] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210c9bc) returned 0x3a [0248.005] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ca8c) returned 0x3b [0248.006] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ca8c) returned 0x3b [0248.019] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210cb4c) returned 0x3c [0248.019] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210cb4c) returned 0x3c [0248.031] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210cc14) returned 0x3d [0248.031] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210cc14) returned 0x3d [0248.044] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210cccc) returned 0x3e [0248.044] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210cccc) returned 0x3e [0248.048] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210cd7c) returned 0x3f [0248.048] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210cd7c) returned 0x3f [0248.055] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ce3c) returned 0x40 [0248.055] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ce3c) returned 0x40 [0248.060] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210cefc) returned 0x41 [0248.060] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210cefc) returned 0x41 [0248.065] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210cfb4) returned 0x42 [0248.065] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210cfb4) returned 0x42 [0248.069] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210d06c) returned 0x43 [0248.069] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210d06c) returned 0x43 [0248.077] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210d114) returned 0x44 [0248.078] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210d114) returned 0x44 [0248.083] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210d1c4) returned 0x45 [0248.083] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210d1c4) returned 0x45 [0248.089] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210d274) returned 0x46 [0248.089] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210d274) returned 0x46 [0248.094] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210d324) returned 0x47 [0248.094] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210d324) returned 0x47 [0248.099] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210d3e4) returned 0x48 [0248.099] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210d3e4) returned 0x48 [0248.103] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210d4ac) returned 0x49 [0248.103] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210d4ac) returned 0x49 [0248.107] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210d554) returned 0x4a [0248.107] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210d554) returned 0x4a [0248.113] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210d60c) returned 0x4b [0248.113] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210d60c) returned 0x4b [0248.119] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210d6b4) returned 0x4c [0248.119] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210d6b4) returned 0x4c [0248.124] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210d77c) returned 0x4d [0248.125] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210d77c) returned 0x4d [0248.128] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210d844) returned 0x4e [0248.128] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210d844) returned 0x4e [0248.132] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210d904) returned 0x4f [0248.132] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210d904) returned 0x4f [0248.139] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210d9ac) returned 0x50 [0248.139] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210d9ac) returned 0x50 [0248.143] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210da54) returned 0x51 [0248.143] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210da54) returned 0x51 [0248.146] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210db14) returned 0x52 [0248.146] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210db14) returned 0x52 [0248.153] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210dbc4) returned 0x53 [0248.153] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210dbc4) returned 0x53 [0248.159] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210dc84) returned 0x54 [0248.159] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210dc84) returned 0x54 [0248.166] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210dd54) returned 0x55 [0248.166] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210dd54) returned 0x55 [0248.170] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210de1c) returned 0x56 [0248.170] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210de1c) returned 0x56 [0248.175] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ded4) returned 0x57 [0248.175] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ded4) returned 0x57 [0248.182] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210df84) returned 0x58 [0248.183] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210df84) returned 0x58 [0248.187] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210e02c) returned 0x59 [0248.187] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210e02c) returned 0x59 [0248.192] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210e0d4) returned 0x5a [0248.192] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210e0d4) returned 0x5a [0248.204] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210e17c) returned 0x5b [0248.204] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210e17c) returned 0x5b [0248.208] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210e23c) returned 0x5c [0248.208] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210e23c) returned 0x5c [0248.213] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210e304) returned 0x5d [0248.213] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210e304) returned 0x5d [0248.218] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210e3ac) returned 0x5e [0248.218] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210e3ac) returned 0x5e [0248.222] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210e464) returned 0x5f [0248.222] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210e464) returned 0x5f [0248.227] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210e504) returned 0x60 [0248.227] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210e504) returned 0x60 [0248.231] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210e684) returned 0x61 [0248.231] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210e684) returned 0x61 [0248.235] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210e744) returned 0x62 [0248.235] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210e744) returned 0x62 [0248.238] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210e80c) returned 0x63 [0248.238] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210e80c) returned 0x63 [0248.242] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210e8bc) returned 0x64 [0248.243] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210e8bc) returned 0x64 [0248.246] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210e97c) returned 0x65 [0248.246] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210e97c) returned 0x65 [0248.248] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ea24) returned 0x66 [0248.248] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ea24) returned 0x66 [0248.251] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210eaec) returned 0x67 [0248.251] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210eaec) returned 0x67 [0248.255] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210eba4) returned 0x68 [0248.255] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210eba4) returned 0x68 [0248.259] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ec5c) returned 0x69 [0248.259] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ec5c) returned 0x69 [0248.263] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ed04) returned 0x6a [0248.263] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ed04) returned 0x6a [0248.267] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210edcc) returned 0x6b [0248.267] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210edcc) returned 0x6b [0248.269] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ee8c) returned 0x6c [0248.269] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ee8c) returned 0x6c [0248.272] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ef5c) returned 0x6d [0248.272] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ef5c) returned 0x6d [0248.278] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210f00c) returned 0x6e [0248.278] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210f00c) returned 0x6e [0248.281] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210f0c4) returned 0x6f [0248.281] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210f0c4) returned 0x6f [0248.284] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210f184) returned 0x70 [0248.284] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210f184) returned 0x70 [0248.288] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210f23c) returned 0x71 [0248.288] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210f23c) returned 0x71 [0248.294] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210f30c) returned 0x72 [0248.295] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210f30c) returned 0x72 [0248.300] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210f3bc) returned 0x73 [0248.300] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210f3bc) returned 0x73 [0248.303] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210f464) returned 0x74 [0248.303] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210f464) returned 0x74 [0248.307] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210f524) returned 0x75 [0248.307] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210f524) returned 0x75 [0248.310] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210f5e4) returned 0x76 [0248.310] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210f5e4) returned 0x76 [0248.314] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210f74c) returned 0x77 [0248.314] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210f74c) returned 0x77 [0248.317] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210f80c) returned 0x78 [0248.317] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210f80c) returned 0x78 [0248.323] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210f8dc) returned 0x79 [0248.323] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210f8dc) returned 0x79 [0248.326] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210f984) returned 0x7a [0248.326] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210f984) returned 0x7a [0248.330] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210fa44) returned 0x7b [0248.330] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210fa44) returned 0x7b [0248.333] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210faec) returned 0x7c [0248.333] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210faec) returned 0x7c [0248.337] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210fb94) returned 0x7d [0248.337] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210fb94) returned 0x7d [0248.340] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210fc44) returned 0x7e [0248.340] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210fc44) returned 0x7e [0248.344] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210fd0c) returned 0x7f [0248.344] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210fd0c) returned 0x7f [0248.353] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210fdb4) returned 0x80 [0248.353] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210fdb4) returned 0x80 [0248.356] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210fe6c) returned 0x81 [0248.356] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210fe6c) returned 0x81 [0248.359] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ff24) returned 0x82 [0248.359] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ff24) returned 0x82 [0248.362] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ffdc) returned 0x83 [0248.362] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x210ffdc) returned 0x83 [0248.365] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211008c) returned 0x84 [0248.365] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211008c) returned 0x84 [0248.370] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211014c) returned 0x85 [0248.370] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211014c) returned 0x85 [0248.374] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21101f4) returned 0x86 [0248.374] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21101f4) returned 0x86 [0248.378] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21102a4) returned 0x87 [0248.378] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21102a4) returned 0x87 [0248.381] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211034c) returned 0x88 [0248.381] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211034c) returned 0x88 [0248.385] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2110414) returned 0x89 [0248.385] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2110414) returned 0x89 [0248.388] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21104cc) returned 0x8a [0248.388] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21104cc) returned 0x8a [0248.392] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2110584) returned 0x8b [0248.392] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2110584) returned 0x8b [0248.395] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211063c) returned 0x8c [0248.395] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211063c) returned 0x8c [0248.401] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21106ec) returned 0x8d [0248.401] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21106ec) returned 0x8d [0248.404] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21107a4) returned 0x8e [0248.404] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21107a4) returned 0x8e [0248.408] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2110854) returned 0x8f [0248.408] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2110854) returned 0x8f [0248.509] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21108fc) returned 0x90 [0248.509] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21108fc) returned 0x90 [0248.513] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21109bc) returned 0x91 [0248.513] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21109bc) returned 0x91 [0248.519] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2110a8c) returned 0x92 [0248.519] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2110a8c) returned 0x92 [0248.524] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2110b4c) returned 0x93 [0248.524] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2110b4c) returned 0x93 [0248.528] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2110bfc) returned 0x94 [0248.528] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2110bfc) returned 0x94 [0248.532] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2110cb4) returned 0x95 [0248.532] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2110cb4) returned 0x95 [0248.536] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2110d74) returned 0x96 [0248.536] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2110d74) returned 0x96 [0248.568] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2110e2c) returned 0x97 [0248.568] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2110e2c) returned 0x97 [0248.572] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2110eec) returned 0x98 [0248.572] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2110eec) returned 0x98 [0248.576] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2110fa4) returned 0x99 [0248.576] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2110fa4) returned 0x99 [0248.606] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111054) returned 0x9a [0248.606] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111054) returned 0x9a [0248.610] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111104) returned 0x9b [0248.610] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111104) returned 0x9b [0248.615] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21111b4) returned 0x9c [0248.615] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21111b4) returned 0x9c [0248.626] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211125c) returned 0x9d [0248.627] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211125c) returned 0x9d [0248.636] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211130c) returned 0x9e [0248.636] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211130c) returned 0x9e [0248.641] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21113bc) returned 0x9f [0248.641] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21113bc) returned 0x9f [0248.646] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211147c) returned 0xa0 [0248.647] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211147c) returned 0xa0 [0248.654] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211153c) returned 0xa1 [0248.654] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211153c) returned 0xa1 [0248.658] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111604) returned 0xa2 [0248.658] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111604) returned 0xa2 [0248.662] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21116c4) returned 0xa3 [0248.662] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21116c4) returned 0xa3 [0248.666] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111774) returned 0xa4 [0248.666] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111774) returned 0xa4 [0248.670] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111824) returned 0xa5 [0248.670] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111824) returned 0xa5 [0248.673] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21118d4) returned 0xa6 [0248.673] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21118d4) returned 0xa6 [0248.676] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111984) returned 0xa7 [0248.677] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111984) returned 0xa7 [0248.681] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111a34) returned 0xa8 [0248.681] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111a34) returned 0xa8 [0248.685] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111ae4) returned 0xa9 [0248.685] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111ae4) returned 0xa9 [0248.690] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111bac) returned 0xaa [0248.690] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111bac) returned 0xaa [0248.693] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111c74) returned 0xab [0248.693] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111c74) returned 0xab [0248.698] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111d24) returned 0xac [0248.698] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111d24) returned 0xac [0248.702] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111dd4) returned 0xad [0248.702] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111dd4) returned 0xad [0248.705] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111e7c) returned 0xae [0248.705] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111e7c) returned 0xae [0248.709] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111f24) returned 0xaf [0248.709] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111f24) returned 0xaf [0248.713] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111fd4) returned 0xb0 [0248.713] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2111fd4) returned 0xb0 [0248.716] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2112084) returned 0xb1 [0248.716] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2112084) returned 0xb1 [0248.720] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211214c) returned 0xb2 [0248.720] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211214c) returned 0xb2 [0248.723] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21121fc) returned 0xb3 [0248.723] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21121fc) returned 0xb3 [0248.729] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21122ac) returned 0xb4 [0248.729] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21122ac) returned 0xb4 [0248.732] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211236c) returned 0xb5 [0248.732] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211236c) returned 0xb5 [0248.735] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2112434) returned 0xb6 [0248.735] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2112434) returned 0xb6 [0248.738] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21124dc) returned 0xb7 [0248.738] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21124dc) returned 0xb7 [0248.741] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211258c) returned 0xb8 [0248.741] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211258c) returned 0xb8 [0248.745] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211264c) returned 0xb9 [0248.745] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211264c) returned 0xb9 [0248.748] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211270c) returned 0xba [0248.748] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211270c) returned 0xba [0248.751] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21127cc) returned 0xbb [0248.751] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21127cc) returned 0xbb [0248.755] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211287c) returned 0xbc [0248.755] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211287c) returned 0xbc [0248.766] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2112944) returned 0xbd [0248.766] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2112944) returned 0xbd [0248.770] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21129f4) returned 0xbe [0248.770] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21129f4) returned 0xbe [0248.773] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2112aa4) returned 0xbf [0248.773] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2112aa4) returned 0xbf [0248.777] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2112b5c) returned 0xc0 [0248.777] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2112b5c) returned 0xc0 [0248.780] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2112c24) returned 0xc1 [0248.780] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2112c24) returned 0xc1 [0248.783] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2112ce4) returned 0xc2 [0248.783] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2112ce4) returned 0xc2 [0248.786] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2112dac) returned 0xc3 [0248.786] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2112dac) returned 0xc3 [0248.795] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2112e5c) returned 0xc4 [0248.795] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2112e5c) returned 0xc4 [0248.798] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2112f0c) returned 0xc5 [0248.798] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2112f0c) returned 0xc5 [0248.807] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2112fd4) returned 0xc6 [0248.807] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2112fd4) returned 0xc6 [0248.811] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211308c) returned 0xc7 [0248.811] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211308c) returned 0xc7 [0248.816] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211316c) returned 0xc8 [0248.816] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211316c) returned 0xc8 [0248.820] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211324c) returned 0xc9 [0248.821] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211324c) returned 0xc9 [0248.825] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2113344) returned 0xca [0248.825] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2113344) returned 0xca [0248.829] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2113434) returned 0xcb [0248.829] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2113434) returned 0xcb [0248.833] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211352c) returned 0xcc [0248.833] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211352c) returned 0xcc [0248.838] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211361c) returned 0xcd [0248.838] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211361c) returned 0xcd [0248.844] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21136fc) returned 0xce [0248.844] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21136fc) returned 0xce [0248.848] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21137e4) returned 0xcf [0248.848] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21137e4) returned 0xcf [0248.855] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21138cc) returned 0xd0 [0248.855] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21138cc) returned 0xd0 [0248.860] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21139a4) returned 0xd1 [0248.860] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21139a4) returned 0xd1 [0248.864] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2113ab4) returned 0xd2 [0248.864] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2113ab4) returned 0xd2 [0248.869] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2113bb4) returned 0xd3 [0248.869] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2113bb4) returned 0xd3 [0248.874] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2113c9c) returned 0xd4 [0248.874] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2113c9c) returned 0xd4 [0248.878] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2113d1c) returned 0xd5 [0248.878] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2113d1c) returned 0xd5 [0248.882] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2113d8c) returned 0xd6 [0248.882] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2113d8c) returned 0xd6 [0248.892] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2113e0c) returned 0xd7 [0248.892] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2113e0c) returned 0xd7 [0248.896] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2113e7c) returned 0xd8 [0248.896] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2113e7c) returned 0xd8 [0248.902] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2113fcc) returned 0xd9 [0248.902] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2113fcc) returned 0xd9 [0248.906] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211404c) returned 0xda [0248.906] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211404c) returned 0xda [0248.910] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21140c4) returned 0xdb [0248.910] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21140c4) returned 0xdb [0248.915] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211412c) returned 0xdc [0248.915] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211412c) returned 0xdc [0248.919] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211419c) returned 0xdd [0248.919] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211419c) returned 0xdd [0248.923] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114204) returned 0xde [0248.923] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114204) returned 0xde [0248.928] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211427c) returned 0xdf [0248.929] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211427c) returned 0xdf [0248.933] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21142e4) returned 0xe0 [0248.933] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21142e4) returned 0xe0 [0248.938] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114354) returned 0xe1 [0248.938] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114354) returned 0xe1 [0248.942] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21143d4) returned 0xe2 [0248.942] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21143d4) returned 0xe2 [0248.950] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114454) returned 0xe3 [0248.950] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114454) returned 0xe3 [0248.954] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21144bc) returned 0xe4 [0248.954] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21144bc) returned 0xe4 [0248.958] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211452c) returned 0xe5 [0248.958] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211452c) returned 0xe5 [0248.962] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21145b4) returned 0xe6 [0248.962] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21145b4) returned 0xe6 [0248.965] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114634) returned 0xe7 [0248.965] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114634) returned 0xe7 [0248.975] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21146bc) returned 0xe8 [0248.975] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21146bc) returned 0xe8 [0248.981] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211473c) returned 0xe9 [0248.981] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211473c) returned 0xe9 [0248.988] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21147cc) returned 0xea [0248.988] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21147cc) returned 0xea [0248.991] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114844) returned 0xeb [0248.991] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114844) returned 0xeb [0248.996] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21148bc) returned 0xec [0248.996] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21148bc) returned 0xec [0248.999] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114944) returned 0xed [0248.999] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114944) returned 0xed [0249.004] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21149cc) returned 0xee [0249.004] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21149cc) returned 0xee [0249.008] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114a54) returned 0xef [0249.009] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114a54) returned 0xef [0249.019] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114abc) returned 0xf0 [0249.019] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114abc) returned 0xf0 [0249.022] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114b44) returned 0xf1 [0249.022] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114b44) returned 0xf1 [0249.035] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114bcc) returned 0xf2 [0249.035] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114bcc) returned 0xf2 [0249.039] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114c4c) returned 0xf3 [0249.039] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114c4c) returned 0xf3 [0249.043] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114cbc) returned 0xf4 [0249.043] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114cbc) returned 0xf4 [0249.047] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114d34) returned 0xf5 [0249.047] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114d34) returned 0xf5 [0249.051] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114dbc) returned 0xf6 [0249.051] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114dbc) returned 0xf6 [0249.055] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114e2c) returned 0xf7 [0249.055] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114e2c) returned 0xf7 [0249.065] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114ea4) returned 0xf8 [0249.065] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114ea4) returned 0xf8 [0249.068] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114f14) returned 0xf9 [0249.068] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2114f14) returned 0xf9 [0249.073] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2115f94) returned 0xfa [0249.073] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2115f94) returned 0xfa [0249.077] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211600c) returned 0xfb [0249.077] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211600c) returned 0xfb [0249.081] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116094) returned 0xfc [0249.081] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116094) returned 0xfc [0249.085] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116124) returned 0xfd [0249.085] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116124) returned 0xfd [0249.089] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21161bc) returned 0xfe [0249.089] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21161bc) returned 0xfe [0249.092] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116244) returned 0xff [0249.092] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116244) returned 0xff [0249.096] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21162cc) returned 0x100 [0249.096] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21162cc) returned 0x100 [0249.099] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116374) returned 0x101 [0249.099] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116374) returned 0x101 [0249.112] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21163fc) returned 0x102 [0249.112] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21163fc) returned 0x102 [0249.116] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21164ac) returned 0x103 [0249.116] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21164ac) returned 0x103 [0249.121] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116554) returned 0x104 [0249.121] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116554) returned 0x104 [0249.125] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211660c) returned 0x105 [0249.125] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211660c) returned 0x105 [0249.129] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21166ac) returned 0x106 [0249.129] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21166ac) returned 0x106 [0249.133] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116764) returned 0x107 [0249.134] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116764) returned 0x107 [0249.137] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116814) returned 0x108 [0249.137] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116814) returned 0x108 [0249.141] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211687c) returned 0x109 [0249.141] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211687c) returned 0x109 [0249.144] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21168e4) returned 0x10a [0249.145] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21168e4) returned 0x10a [0249.149] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116984) returned 0x10b [0249.149] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116984) returned 0x10b [0249.155] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116a24) returned 0x10c [0249.155] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116a24) returned 0x10c [0249.159] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116adc) returned 0x10d [0249.159] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116adc) returned 0x10d [0249.163] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116b8c) returned 0x10e [0249.163] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116b8c) returned 0x10e [0249.168] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116c54) returned 0x10f [0249.168] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116c54) returned 0x10f [0249.172] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116d14) returned 0x110 [0249.172] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116d14) returned 0x110 [0249.176] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116dec) returned 0x111 [0249.176] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116dec) returned 0x111 [0249.180] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116eac) returned 0x112 [0249.180] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116eac) returned 0x112 [0249.184] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116f4c) returned 0x113 [0249.184] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2116f4c) returned 0x113 [0249.188] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2117004) returned 0x114 [0249.188] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2117004) returned 0x114 [0249.192] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21170b4) returned 0x115 [0249.192] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21170b4) returned 0x115 [0249.196] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211715c) returned 0x116 [0249.196] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211715c) returned 0x116 [0249.206] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2117224) returned 0x117 [0249.206] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2117224) returned 0x117 [0249.210] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2117294) returned 0x118 [0249.210] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2117294) returned 0x118 [0249.214] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2117314) returned 0x119 [0249.214] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2117314) returned 0x119 [0249.218] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211738c) returned 0x11a [0249.218] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211738c) returned 0x11a [0249.222] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2117404) returned 0x11b [0249.222] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2117404) returned 0x11b [0249.226] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211747c) returned 0x11c [0249.226] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211747c) returned 0x11c [0249.230] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21174f4) returned 0x11d [0249.230] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21174f4) returned 0x11d [0249.234] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211756c) returned 0x11e [0249.234] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211756c) returned 0x11e [0249.277] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2117614) returned 0x11f [0249.277] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2117614) returned 0x11f [0249.280] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21176ac) returned 0x120 [0249.280] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21176ac) returned 0x120 [0249.285] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211773c) returned 0x121 [0249.285] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211773c) returned 0x121 [0249.292] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21177e4) returned 0x122 [0249.292] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21177e4) returned 0x122 [0249.296] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211788c) returned 0x123 [0249.296] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211788c) returned 0x123 [0249.302] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211794c) returned 0x124 [0249.302] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211794c) returned 0x124 [0249.308] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21179f4) returned 0x125 [0249.308] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21179f4) returned 0x125 [0249.312] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2117aa4) returned 0x126 [0249.312] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2117aa4) returned 0x126 [0249.356] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2117b5c) returned 0x127 [0249.356] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2117b5c) returned 0x127 [0249.360] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2117c04) returned 0x128 [0249.360] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2117c04) returned 0x128 [0249.364] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2117cbc) returned 0x129 [0249.364] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2117cbc) returned 0x129 [0249.370] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2117d84) returned 0x12a [0249.370] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2117d84) returned 0x12a [0249.373] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2117e54) returned 0x12b [0249.373] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2117e54) returned 0x12b [0249.378] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2117f24) returned 0x12c [0249.378] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2117f24) returned 0x12c [0249.381] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2117ff4) returned 0x12d [0249.381] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2117ff4) returned 0x12d [0249.386] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21180ec) returned 0x12e [0249.386] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21180ec) returned 0x12e [0249.389] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21181d4) returned 0x12f [0249.390] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21181d4) returned 0x12f [0249.408] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21182cc) returned 0x130 [0249.408] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21182cc) returned 0x130 [0249.413] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21183c4) returned 0x131 [0249.413] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21183c4) returned 0x131 [0249.418] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211844c) returned 0x132 [0249.418] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211844c) returned 0x132 [0249.422] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21184c4) returned 0x133 [0249.422] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21184c4) returned 0x133 [0249.425] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211854c) returned 0x134 [0249.425] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211854c) returned 0x134 [0249.430] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21185ac) returned 0x135 [0249.430] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21185ac) returned 0x135 [0249.434] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2118634) returned 0x136 [0249.434] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2118634) returned 0x136 [0249.439] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21186a4) returned 0x137 [0249.439] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21186a4) returned 0x137 [0249.443] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211872c) returned 0x138 [0249.443] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211872c) returned 0x138 [0249.449] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21187b4) returned 0x139 [0249.449] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21187b4) returned 0x139 [0249.452] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2118824) returned 0x13a [0249.452] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x2118824) returned 0x13a [0249.456] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21188a4) returned 0x13b [0249.456] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21188a4) returned 0x13b [0249.463] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211891c) returned 0x13c [0249.463] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211891c) returned 0x13c [0249.467] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211898c) returned 0x13d [0249.467] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x211898c) returned 0x13d [0249.471] SendMessageW (hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21189ec) returned 0x13e [0249.471] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x180, wParam=0x0, lParam=0x21189ec) returned 0x13e [0249.482] SelectObject (hdc=0xffffffff960106e3, h=0x3b0a05b0) returned 0x650a05af [0249.482] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Recovery\\WindowsRE\\ReAgent.xml", cchText=33, lprc=0x15d2d8, format=0x420, lpdtp=0x21e0e08 | out: lpchText="C:\\Recovery\\WindowsRE\\ReAgent.xml", lprc=0x15d2d8) returned 13 [0249.483] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\All Users\\Adobe\\Setup\\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\\Setup.exe", cchText=79, lprc=0x15d2d8, format=0x420, lpdtp=0x21e0e58 | out: lpchText="C:\\Users\\All Users\\Adobe\\Setup\\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\\Setup.exe", lprc=0x15d2d8) returned 13 [0249.483] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\All Users\\Package Cache\\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\\vcredist_x64.exe", cchText=88, lprc=0x15d2d8, format=0x420, lpdtp=0x21e0e80 | out: lpchText="C:\\Users\\All Users\\Package Cache\\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\\vcredist_x64.exe", lprc=0x15d2d8) returned 13 [0249.483] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe", cchText=88, lprc=0x15d2d8, format=0x420, lpdtp=0x21e0ea8 | out: lpchText="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe", lprc=0x15d2d8) returned 13 [0249.483] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\All Users\\Package Cache\\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}\\VC_redist.x86.exe", cchText=89, lprc=0x15d2d8, format=0x420, lpdtp=0x21e0ed0 | out: lpchText="C:\\Users\\All Users\\Package Cache\\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}\\VC_redist.x86.exe", lprc=0x15d2d8) returned 13 [0249.483] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe", cchText=88, lprc=0x15d2d8, format=0x420, lpdtp=0x21e0ef8 | out: lpchText="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe", lprc=0x15d2d8) returned 13 [0249.483] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\All Users\\Package Cache\\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\\VC_redist.x64.exe", cchText=89, lprc=0x15d2d8, format=0x420, lpdtp=0x21e0f20 | out: lpchText="C:\\Users\\All Users\\Package Cache\\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\\VC_redist.x64.exe", lprc=0x15d2d8) returned 13 [0249.484] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk", cchText=91, lprc=0x15d2d8, format=0x420, lpdtp=0x21e0f48 | out: lpchText="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk", lprc=0x15d2d8) returned 13 [0249.484] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk", cchText=93, lprc=0x15d2d8, format=0x420, lpdtp=0x21e0f70 | out: lpchText="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk", lprc=0x15d2d8) returned 13 [0249.484] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk", cchText=75, lprc=0x15d2d8, format=0x420, lpdtp=0x21e0f98 | out: lpchText="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk", lprc=0x15d2d8) returned 13 [0249.484] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Magnify.lnk", cchText=96, lprc=0x15d2d8, format=0x420, lpdtp=0x21e0fc0 | out: lpchText="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Magnify.lnk", lprc=0x15d2d8) returned 13 [0249.484] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Narrator.lnk", cchText=97, lprc=0x15d2d8, format=0x420, lpdtp=0x21e0fe8 | out: lpchText="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Narrator.lnk", lprc=0x15d2d8) returned 13 [0249.484] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\On-Screen Keyboard.lnk", cchText=107, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1010 | out: lpchText="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\On-Screen Keyboard.lnk", lprc=0x15d2d8) returned 13 [0249.484] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Administrative Tools.lnk", cchText=108, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1038 | out: lpchText="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Administrative Tools.lnk", lprc=0x15d2d8) returned 13 [0249.484] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk", cchText=102, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1060 | out: lpchText="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk", lprc=0x15d2d8) returned 13 [0249.485] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\computer.lnk", cchText=96, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1088 | out: lpchText="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\computer.lnk", lprc=0x15d2d8) returned 13 [0249.485] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Control Panel.lnk", cchText=101, lprc=0x15d2d8, format=0x420, lpdtp=0x21e10b0 | out: lpchText="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Control Panel.lnk", lprc=0x15d2d8) returned 13 [0249.485] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\File Explorer.lnk", cchText=101, lprc=0x15d2d8, format=0x420, lpdtp=0x21e10d8 | out: lpchText="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\File Explorer.lnk", lprc=0x15d2d8) returned 13 [0249.485] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Run.lnk", cchText=91, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1100 | out: lpchText="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Run.lnk", lprc=0x15d2d8) returned 13 [0249.485] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell (x86).lnk", cchText=118, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1128 | out: lpchText="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell (x86).lnk", lprc=0x15d2d8) returned 13 [0249.485] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell.lnk", cchText=112, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1150 | out: lpchText="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell.lnk", lprc=0x15d2d8) returned 13 [0249.486] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\3E8aHN.png", cchText=45, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1178 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\3E8aHN.png", lprc=0x15d2d8) returned 13 [0249.486] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\CRk7sEcLxn.ppt", cchText=49, lprc=0x15d2d8, format=0x420, lpdtp=0x21e11a0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\CRk7sEcLxn.ppt", lprc=0x15d2d8) returned 13 [0249.486] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\CSRpjbn.docx", cchText=47, lprc=0x15d2d8, format=0x420, lpdtp=0x21e11c8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\CSRpjbn.docx", lprc=0x15d2d8) returned 13 [0249.486] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\DMLxoOU.bmp", cchText=46, lprc=0x15d2d8, format=0x420, lpdtp=0x21e11f0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\DMLxoOU.bmp", lprc=0x15d2d8) returned 13 [0249.486] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\eHXp79eO.mp3", cchText=47, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1218 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\eHXp79eO.mp3", lprc=0x15d2d8) returned 13 [0249.486] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\EIweEXdtYapI-M.doc", cchText=53, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1240 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\EIweEXdtYapI-M.doc", lprc=0x15d2d8) returned 13 [0249.486] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\FHPuaK.png", cchText=45, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1268 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\FHPuaK.png", lprc=0x15d2d8) returned 13 [0249.487] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\fKIJsgucmnFedTn EAkl.bmp", cchText=59, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1290 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\fKIJsgucmnFedTn EAkl.bmp", lprc=0x15d2d8) returned 13 [0249.487] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\G50O8m9fIZrG8.mp4", cchText=52, lprc=0x15d2d8, format=0x420, lpdtp=0x21e12b8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\G50O8m9fIZrG8.mp4", lprc=0x15d2d8) returned 13 [0249.487] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\MfGYDk9Y.ppt", cchText=47, lprc=0x15d2d8, format=0x420, lpdtp=0x21e12e0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\MfGYDk9Y.ppt", lprc=0x15d2d8) returned 13 [0249.487] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\MV73nxGICe.jpg", cchText=49, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1308 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\MV73nxGICe.jpg", lprc=0x15d2d8) returned 13 [0249.487] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\nE3j.mp3", cchText=43, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1330 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\nE3j.mp3", lprc=0x15d2d8) returned 13 [0249.487] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\OTMBVrH.mp4", cchText=46, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1358 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\OTMBVrH.mp4", lprc=0x15d2d8) returned 13 [0249.487] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\OvLGXdJo_8CMQ.doc", cchText=52, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1380 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\OvLGXdJo_8CMQ.doc", lprc=0x15d2d8) returned 13 [0249.488] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\P4nhTG-oMiEDYv2EH.png", cchText=56, lprc=0x15d2d8, format=0x420, lpdtp=0x21e13a8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\P4nhTG-oMiEDYv2EH.png", lprc=0x15d2d8) returned 13 [0249.488] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\snzDMqSsgLa.docx", cchText=51, lprc=0x15d2d8, format=0x420, lpdtp=0x21e13d0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\snzDMqSsgLa.docx", lprc=0x15d2d8) returned 13 [0249.488] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\_tsyATtiMqRdse.mp3", cchText=53, lprc=0x15d2d8, format=0x420, lpdtp=0x21e13f8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\_tsyATtiMqRdse.mp3", lprc=0x15d2d8) returned 13 [0249.488] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\__elk.ppt", cchText=44, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1420 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\__elk.ppt", lprc=0x15d2d8) returned 13 [0249.488] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Edge.lnk", cchText=94, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1448 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Edge.lnk", lprc=0x15d2d8) returned 13 [0249.488] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk", cchText=93, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1470 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk", lprc=0x15d2d8) returned 13 [0249.488] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk", cchText=95, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1498 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk", lprc=0x15d2d8) returned 13 [0249.489] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk", cchText=113, lprc=0x15d2d8, format=0x420, lpdtp=0x21e14c0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk", lprc=0x15d2d8) returned 13 [0249.489] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk", cchText=107, lprc=0x15d2d8, format=0x420, lpdtp=0x21e14e8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk", lprc=0x15d2d8) returned 13 [0249.489] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk", cchText=114, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1510 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk", lprc=0x15d2d8) returned 13 [0249.489] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\PowerShell\\PSReadLine\\ConsoleHost_history.txt", cchText=98, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1538 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\PowerShell\\PSReadLine\\ConsoleHost_history.txt", lprc=0x15d2d8) returned 13 [0249.489] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-5Ui6BLg2cDEZ1aGZI_.lnk", cchText=83, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1560 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-5Ui6BLg2cDEZ1aGZI_.lnk", lprc=0x15d2d8) returned 13 [0249.489] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-6JvN5S1cqNGvPDY.lnk", cchText=80, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1588 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-6JvN5S1cqNGvPDY.lnk", lprc=0x15d2d8) returned 13 [0249.489] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-mUkc.lnk", cchText=69, lprc=0x15d2d8, format=0x420, lpdtp=0x21e15b0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-mUkc.lnk", lprc=0x15d2d8) returned 13 [0249.490] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-TpGaKVbHa97zgS.ppt.lnk", cchText=83, lprc=0x15d2d8, format=0x420, lpdtp=0x21e15d8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-TpGaKVbHa97zgS.ppt.lnk", lprc=0x15d2d8) returned 13 [0249.490] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\167VqDu0.lnk", cchText=72, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1600 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\167VqDu0.lnk", lprc=0x15d2d8) returned 13 [0249.490] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2sJQfwB3SA1-aIl-.lnk", cchText=80, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1628 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2sJQfwB3SA1-aIl-.lnk", lprc=0x15d2d8) returned 13 [0249.490] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3bJ1.lnk", cchText=68, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1650 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3bJ1.lnk", lprc=0x15d2d8) returned 13 [0249.490] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3E8aHN.lnk", cchText=70, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1678 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3E8aHN.lnk", lprc=0x15d2d8) returned 13 [0249.490] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3HUK6hE8Sxy4S31RG.lnk", cchText=81, lprc=0x15d2d8, format=0x420, lpdtp=0x21e16a0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3HUK6hE8Sxy4S31RG.lnk", lprc=0x15d2d8) returned 13 [0249.491] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3mZ1.lnk", cchText=68, lprc=0x15d2d8, format=0x420, lpdtp=0x21e16c8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3mZ1.lnk", lprc=0x15d2d8) returned 13 [0249.491] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3oUk3Xp.lnk", cchText=71, lprc=0x15d2d8, format=0x420, lpdtp=0x21e16f0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3oUk3Xp.lnk", lprc=0x15d2d8) returned 13 [0249.491] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3p6 ohHYs9-.csv.lnk", cchText=79, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1718 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3p6 ohHYs9-.csv.lnk", lprc=0x15d2d8) returned 13 [0249.491] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3q1llB5Op_QjTca2eDNb.odp.lnk", cchText=88, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1740 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3q1llB5Op_QjTca2eDNb.odp.lnk", lprc=0x15d2d8) returned 13 [0249.491] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3um74xQY2dRtB2 VeQ.lnk", cchText=82, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1768 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3um74xQY2dRtB2 VeQ.lnk", lprc=0x15d2d8) returned 13 [0249.491] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\40MOvGfppj4bDSgoaCIa.lnk", cchText=84, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1790 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\40MOvGfppj4bDSgoaCIa.lnk", lprc=0x15d2d8) returned 13 [0249.493] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5JVUFsxkO (2).lnk", cchText=77, lprc=0x15d2d8, format=0x420, lpdtp=0x21e17b8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5JVUFsxkO (2).lnk", lprc=0x15d2d8) returned 13 [0249.493] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5JVUFsxkO.lnk", cchText=73, lprc=0x15d2d8, format=0x420, lpdtp=0x21e17e0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5JVUFsxkO.lnk", lprc=0x15d2d8) returned 13 [0249.494] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\61De8WLPska01oVom.lnk", cchText=81, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1808 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\61De8WLPska01oVom.lnk", lprc=0x15d2d8) returned 13 [0249.494] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6zSAXoBMshJ arRcZrD.lnk", cchText=83, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1830 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6zSAXoBMshJ arRcZrD.lnk", lprc=0x15d2d8) returned 13 [0249.494] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7AZ xi 6.odp.lnk", cchText=76, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1858 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7AZ xi 6.odp.lnk", lprc=0x15d2d8) returned 13 [0249.494] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7QSM7Bo389nPLE.lnk", cchText=78, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1880 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7QSM7Bo389nPLE.lnk", lprc=0x15d2d8) returned 13 [0249.494] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\8gTJ48.lnk", cchText=70, lprc=0x15d2d8, format=0x420, lpdtp=0x21e18a8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\8gTJ48.lnk", lprc=0x15d2d8) returned 13 [0249.494] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9bAP9Uzx.lnk", cchText=72, lprc=0x15d2d8, format=0x420, lpdtp=0x21e18d0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9bAP9Uzx.lnk", lprc=0x15d2d8) returned 13 [0249.494] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aejUOooWI.lnk", cchText=73, lprc=0x15d2d8, format=0x420, lpdtp=0x21e18f8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aejUOooWI.lnk", lprc=0x15d2d8) returned 13 [0249.495] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AI-BTkK-C.lnk", cchText=73, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1920 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AI-BTkK-C.lnk", lprc=0x15d2d8) returned 13 [0249.495] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\amGLU92hTOyVS.pptx.lnk", cchText=82, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1948 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\amGLU92hTOyVS.pptx.lnk", lprc=0x15d2d8) returned 13 [0249.495] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aqmU9TUpYSVIUMRXMae4.lnk", cchText=84, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1970 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aqmU9TUpYSVIUMRXMae4.lnk", lprc=0x15d2d8) returned 13 [0249.495] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aucpxM.lnk", cchText=70, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1998 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aucpxM.lnk", lprc=0x15d2d8) returned 13 [0249.495] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AwXZ4sgzr.ots.lnk", cchText=77, lprc=0x15d2d8, format=0x420, lpdtp=0x21e19c0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AwXZ4sgzr.ots.lnk", lprc=0x15d2d8) returned 13 [0249.495] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aXS6vb.lnk", cchText=70, lprc=0x15d2d8, format=0x420, lpdtp=0x21e19e8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aXS6vb.lnk", lprc=0x15d2d8) returned 13 [0249.495] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\A_VTOyBLcz6NRbG97.xlsx.lnk", cchText=86, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1a10 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\A_VTOyBLcz6NRbG97.xlsx.lnk", lprc=0x15d2d8) returned 13 [0249.496] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\b GzxP7sA1S-0PBuwA.xlsx.lnk", cchText=87, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1a38 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\b GzxP7sA1S-0PBuwA.xlsx.lnk", lprc=0x15d2d8) returned 13 [0249.496] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bBT-MFL3sFb3zx-FPOy.lnk", cchText=83, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1a60 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bBT-MFL3sFb3zx-FPOy.lnk", lprc=0x15d2d8) returned 13 [0249.496] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BG-3Ru.lnk", cchText=70, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1a88 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BG-3Ru.lnk", lprc=0x15d2d8) returned 13 [0249.496] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BlfnUP.lnk", cchText=70, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1ab0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BlfnUP.lnk", lprc=0x15d2d8) returned 13 [0249.496] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BmJalddlQRnVT8k_d-q.lnk", cchText=83, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1ad8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BmJalddlQRnVT8k_d-q.lnk", lprc=0x15d2d8) returned 13 [0249.496] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bxOJ-KchVEH.lnk", cchText=75, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1b00 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bxOJ-KchVEH.lnk", lprc=0x15d2d8) returned 13 [0249.497] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Chkad3-ROtdrHsoCUX.lnk", cchText=82, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1b28 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Chkad3-ROtdrHsoCUX.lnk", lprc=0x15d2d8) returned 13 [0249.497] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CIdAi4WoBaReZGuNW3Z.xlsx.lnk", cchText=88, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1b50 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CIdAi4WoBaReZGuNW3Z.xlsx.lnk", lprc=0x15d2d8) returned 13 [0249.497] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CNhSRq_988nVmcAoKs I.lnk", cchText=84, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1b78 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CNhSRq_988nVmcAoKs I.lnk", lprc=0x15d2d8) returned 13 [0249.497] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Common Files.lnk", cchText=76, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1ba0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Common Files.lnk", lprc=0x15d2d8) returned 13 [0249.497] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CPtLqFgr7.lnk", cchText=73, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1bc8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CPtLqFgr7.lnk", lprc=0x15d2d8) returned 13 [0249.497] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CSRpjbn.lnk", cchText=71, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1bf0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CSRpjbn.lnk", lprc=0x15d2d8) returned 13 [0249.498] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cUOFj.lnk", cchText=69, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1c18 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cUOFj.lnk", lprc=0x15d2d8) returned 13 [0249.498] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CxX 3.lnk", cchText=69, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1c40 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CxX 3.lnk", lprc=0x15d2d8) returned 13 [0249.498] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cYW1VXatB-JI8vQr.lnk", cchText=80, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1c68 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cYW1VXatB-JI8vQr.lnk", lprc=0x15d2d8) returned 13 [0249.498] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Dbg3Ddy9SSgsZKwE.doc.lnk", cchText=84, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1c90 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Dbg3Ddy9SSgsZKwE.doc.lnk", lprc=0x15d2d8) returned 13 [0249.498] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DMLxoOU.lnk", cchText=71, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1cb8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DMLxoOU.lnk", lprc=0x15d2d8) returned 13 [0249.498] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dvC8ktwxOFj7.lnk", cchText=76, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1ce0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dvC8ktwxOFj7.lnk", lprc=0x15d2d8) returned 13 [0249.498] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dy8.lnk", cchText=67, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1d08 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dy8.lnk", lprc=0x15d2d8) returned 13 [0249.499] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e95MKF1cwUHr.lnk", cchText=76, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1d30 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e95MKF1cwUHr.lnk", lprc=0x15d2d8) returned 13 [0249.499] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EIweEXdtYapI-M.doc.lnk", cchText=82, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1d58 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EIweEXdtYapI-M.doc.lnk", lprc=0x15d2d8) returned 13 [0249.499] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eM1JFyu4JyX_V Ar.doc.lnk", cchText=84, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1d80 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eM1JFyu4JyX_V Ar.doc.lnk", lprc=0x15d2d8) returned 13 [0249.499] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eTG7NzXPZhX.lnk", cchText=75, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1da8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eTG7NzXPZhX.lnk", lprc=0x15d2d8) returned 13 [0249.499] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EVZV9g78HF1 1b20ex.lnk", cchText=82, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1dd0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EVZV9g78HF1 1b20ex.lnk", lprc=0x15d2d8) returned 13 [0249.499] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e_2t.lnk", cchText=68, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1df8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e_2t.lnk", lprc=0x15d2d8) returned 13 [0249.499] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\F5J9i2mP6f7Fg yEKZw4.lnk", cchText=84, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1e20 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\F5J9i2mP6f7Fg yEKZw4.lnk", lprc=0x15d2d8) returned 13 [0249.500] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fabE6LAM6xEtP.lnk", cchText=77, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1e48 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fabE6LAM6xEtP.lnk", lprc=0x15d2d8) returned 13 [0249.500] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fenqGAG3YChp.lnk", cchText=76, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1e70 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fenqGAG3YChp.lnk", lprc=0x15d2d8) returned 13 [0249.500] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FHPuaK.lnk", cchText=70, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1e98 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FHPuaK.lnk", lprc=0x15d2d8) returned 13 [0249.500] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fKIJsgucmnFedTn EAkl.lnk", cchText=84, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1ec0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\fKIJsgucmnFedTn EAkl.lnk", lprc=0x15d2d8) returned 13 [0249.500] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GC 5fQQJc4NHBM7mhV.lnk", cchText=82, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1ee8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GC 5fQQJc4NHBM7mhV.lnk", lprc=0x15d2d8) returned 13 [0249.500] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GDLIsvWIqGajKiRN9dGO.pptx.lnk", cchText=89, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1f10 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GDLIsvWIqGajKiRN9dGO.pptx.lnk", lprc=0x15d2d8) returned 13 [0249.501] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gDn4S0f.ppt.lnk", cchText=75, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1f38 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gDn4S0f.ppt.lnk", lprc=0x15d2d8) returned 13 [0249.501] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gmIBz_0QcERv2HE.lnk", cchText=79, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1f60 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gmIBz_0QcERv2HE.lnk", lprc=0x15d2d8) returned 13 [0249.501] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gMmQ7sMpVxP4WwXZrp.lnk", cchText=82, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1f88 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gMmQ7sMpVxP4WwXZrp.lnk", lprc=0x15d2d8) returned 13 [0249.501] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\goujVTDJ1s18.lnk", cchText=76, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1fb0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\goujVTDJ1s18.lnk", lprc=0x15d2d8) returned 13 [0249.501] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hIUicmYfr BOKO-G7dUP.flv.lnk", cchText=88, lprc=0x15d2d8, format=0x420, lpdtp=0x21e1fd8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hIUicmYfr BOKO-G7dUP.flv.lnk", lprc=0x15d2d8) returned 13 [0249.501] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HP_ON6wZYt.lnk", cchText=74, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2000 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HP_ON6wZYt.lnk", lprc=0x15d2d8) returned 13 [0249.501] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\I-byl6.lnk", cchText=70, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2028 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\I-byl6.lnk", lprc=0x15d2d8) returned 13 [0249.502] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ikU4Z6NJTIS4CI7XUt.lnk", cchText=82, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2050 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ikU4Z6NJTIS4CI7XUt.lnk", lprc=0x15d2d8) returned 13 [0249.502] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\J7Kz7aXvYKxh-WWyGI.lnk", cchText=82, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2078 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\J7Kz7aXvYKxh-WWyGI.lnk", lprc=0x15d2d8) returned 13 [0249.502] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Jfz.flv.lnk", cchText=71, lprc=0x15d2d8, format=0x420, lpdtp=0x21e20a0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Jfz.flv.lnk", lprc=0x15d2d8) returned 13 [0249.502] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JxmR6v_b0d1c1TOkKn.lnk", cchText=82, lprc=0x15d2d8, format=0x420, lpdtp=0x21e20c8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JxmR6v_b0d1c1TOkKn.lnk", lprc=0x15d2d8) returned 13 [0249.502] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jZACGvj_jUniQbGydKt.xlsx.lnk", cchText=88, lprc=0x15d2d8, format=0x420, lpdtp=0x21e20f0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jZACGvj_jUniQbGydKt.xlsx.lnk", lprc=0x15d2d8) returned 13 [0249.502] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kQnIf5.lnk", cchText=70, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2118 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kQnIf5.lnk", lprc=0x15d2d8) returned 13 [0249.502] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KrCIJZxudvtCeY.doc.lnk", cchText=82, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2140 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KrCIJZxudvtCeY.doc.lnk", lprc=0x15d2d8) returned 13 [0249.503] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Kx8A.lnk", cchText=68, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2168 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Kx8A.lnk", lprc=0x15d2d8) returned 13 [0249.503] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lbLbIV.lnk", cchText=70, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2190 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lbLbIV.lnk", lprc=0x15d2d8) returned 13 [0249.503] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LFcvTFKle.lnk", cchText=73, lprc=0x15d2d8, format=0x420, lpdtp=0x21e21b8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LFcvTFKle.lnk", lprc=0x15d2d8) returned 13 [0249.503] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LUnjpDpKTSnQmwR3f6Nd.lnk", cchText=84, lprc=0x15d2d8, format=0x420, lpdtp=0x21e21e0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LUnjpDpKTSnQmwR3f6Nd.lnk", lprc=0x15d2d8) returned 13 [0249.503] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\l_tj4.lnk", cchText=69, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2208 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\l_tj4.lnk", lprc=0x15d2d8) returned 13 [0249.503] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\m62mMrqX1.pptx.lnk", cchText=78, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2230 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\m62mMrqX1.pptx.lnk", lprc=0x15d2d8) returned 13 [0249.504] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MfGYDk9Y.ppt.lnk", cchText=76, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2258 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MfGYDk9Y.ppt.lnk", lprc=0x15d2d8) returned 13 [0249.504] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mL-gKRrD1UEPkt.lnk", cchText=78, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2298 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mL-gKRrD1UEPkt.lnk", lprc=0x15d2d8) returned 13 [0249.504] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mLpk6DQaJ9.lnk", cchText=74, lprc=0x15d2d8, format=0x420, lpdtp=0x21e22c0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mLpk6DQaJ9.lnk", lprc=0x15d2d8) returned 13 [0249.504] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MOoazXE175u-tWOUa.lnk", cchText=81, lprc=0x15d2d8, format=0x420, lpdtp=0x21e22e8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MOoazXE175u-tWOUa.lnk", lprc=0x15d2d8) returned 13 [0249.505] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Music.lnk", cchText=69, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2310 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Music.lnk", lprc=0x15d2d8) returned 13 [0249.505] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MV73nxGICe.lnk", cchText=74, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2338 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MV73nxGICe.lnk", lprc=0x15d2d8) returned 13 [0249.505] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\N8uzo0.lnk", cchText=70, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2360 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\N8uzo0.lnk", lprc=0x15d2d8) returned 13 [0249.505] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\novXISG4jJT9ZShRo.ods.lnk", cchText=85, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2388 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\novXISG4jJT9ZShRo.ods.lnk", lprc=0x15d2d8) returned 13 [0249.505] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oBVXWpqYBK.pptx.lnk", cchText=79, lprc=0x15d2d8, format=0x420, lpdtp=0x21e23b0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oBVXWpqYBK.pptx.lnk", lprc=0x15d2d8) returned 13 [0249.505] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oByX88izFWIaL4.lnk", cchText=78, lprc=0x15d2d8, format=0x420, lpdtp=0x21e23d8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oByX88izFWIaL4.lnk", lprc=0x15d2d8) returned 13 [0249.505] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oGnP UReG2.flv.lnk", cchText=78, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2400 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oGnP UReG2.flv.lnk", lprc=0x15d2d8) returned 13 [0249.506] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ogw4Mz9WHOq.lnk", cchText=75, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2428 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ogw4Mz9WHOq.lnk", lprc=0x15d2d8) returned 13 [0249.506] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OgZRcboo9 (2).lnk", cchText=77, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2450 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OgZRcboo9 (2).lnk", lprc=0x15d2d8) returned 13 [0249.506] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OgZRcboo9.lnk", cchText=73, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2478 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OgZRcboo9.lnk", lprc=0x15d2d8) returned 13 [0249.506] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ouGe8u.lnk", cchText=70, lprc=0x15d2d8, format=0x420, lpdtp=0x21e24a0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ouGe8u.lnk", lprc=0x15d2d8) returned 13 [0249.506] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OvLGXdJo_8CMQ.doc.lnk", cchText=81, lprc=0x15d2d8, format=0x420, lpdtp=0x21e24c8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OvLGXdJo_8CMQ.doc.lnk", lprc=0x15d2d8) returned 13 [0249.506] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P Qbc4C6_8tW2SWaqVE.xlsx.lnk", cchText=88, lprc=0x15d2d8, format=0x420, lpdtp=0x21e24f0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P Qbc4C6_8tW2SWaqVE.xlsx.lnk", lprc=0x15d2d8) returned 13 [0249.507] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P4nhTG-oMiEDYv2EH.lnk", cchText=81, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2518 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P4nhTG-oMiEDYv2EH.lnk", lprc=0x15d2d8) returned 13 [0249.507] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Pictures.lnk", cchText=72, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2540 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Pictures.lnk", lprc=0x15d2d8) returned 13 [0249.507] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PqsS9Gq RHGz.lnk", cchText=76, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2568 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PqsS9Gq RHGz.lnk", lprc=0x15d2d8) returned 13 [0249.509] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\prv-43xC-PpR5k.ppt.lnk", cchText=82, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2590 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\prv-43xC-PpR5k.ppt.lnk", lprc=0x15d2d8) returned 13 [0249.509] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\pUTUVKAK.xlsx.lnk", cchText=77, lprc=0x15d2d8, format=0x420, lpdtp=0x21e25b8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\pUTUVKAK.xlsx.lnk", lprc=0x15d2d8) returned 13 [0249.509] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\QCPL9rrlRNtbF01 0.lnk", cchText=81, lprc=0x15d2d8, format=0x420, lpdtp=0x21e25e0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\QCPL9rrlRNtbF01 0.lnk", lprc=0x15d2d8) returned 13 [0249.510] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qs6pMlaa5Rs-Y.lnk", cchText=77, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2608 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qs6pMlaa5Rs-Y.lnk", lprc=0x15d2d8) returned 13 [0249.510] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\q_HhEd.pptx.lnk", cchText=75, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2630 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\q_HhEd.pptx.lnk", lprc=0x15d2d8) returned 13 [0249.510] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rFTl6BSzg_.lnk", cchText=74, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2658 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rFTl6BSzg_.lnk", lprc=0x15d2d8) returned 13 [0249.510] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming (2).lnk", cchText=75, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2680 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming (2).lnk", lprc=0x15d2d8) returned 13 [0249.510] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk", cchText=71, lprc=0x15d2d8, format=0x420, lpdtp=0x21e26a8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk", lprc=0x15d2d8) returned 13 [0249.510] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rSXGxtmLV1.lnk", cchText=74, lprc=0x15d2d8, format=0x420, lpdtp=0x21e26d0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rSXGxtmLV1.lnk", lprc=0x15d2d8) returned 13 [0249.510] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s3mDZhojg.lnk", cchText=73, lprc=0x15d2d8, format=0x420, lpdtp=0x21e26f8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s3mDZhojg.lnk", lprc=0x15d2d8) returned 13 [0249.510] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s6LOWfDyf84Fy2ur3.lnk", cchText=81, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2720 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s6LOWfDyf84Fy2ur3.lnk", lprc=0x15d2d8) returned 13 [0249.511] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ScFVHzsefvu1Kt2J0.lnk", cchText=81, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2748 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ScFVHzsefvu1Kt2J0.lnk", lprc=0x15d2d8) returned 13 [0249.511] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\sg MXaT5p_6OuAzIkQ9b.lnk", cchText=84, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2770 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\sg MXaT5p_6OuAzIkQ9b.lnk", lprc=0x15d2d8) returned 13 [0249.511] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\smN8Rnib6nLWu.xlsx.lnk", cchText=82, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2798 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\smN8Rnib6nLWu.xlsx.lnk", lprc=0x15d2d8) returned 13 [0249.511] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\snzDMqSsgLa.lnk", cchText=75, lprc=0x15d2d8, format=0x420, lpdtp=0x21e27c0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\snzDMqSsgLa.lnk", lprc=0x15d2d8) returned 13 [0249.511] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\srqzB.flv.lnk", cchText=73, lprc=0x15d2d8, format=0x420, lpdtp=0x21e27e8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\srqzB.flv.lnk", lprc=0x15d2d8) returned 13 [0249.511] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tFcCKPod.lnk", cchText=72, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2810 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tFcCKPod.lnk", lprc=0x15d2d8) returned 13 [0249.511] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tKwoXg9sP.lnk", cchText=73, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2838 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tKwoXg9sP.lnk", lprc=0x15d2d8) returned 13 [0249.512] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TL__DH.flv.lnk", cchText=74, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2860 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TL__DH.flv.lnk", lprc=0x15d2d8) returned 13 [0249.512] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\u7sDs2LZ.lnk", cchText=72, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2888 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\u7sDs2LZ.lnk", lprc=0x15d2d8) returned 13 [0249.512] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UHkhqoDlS1ZMy4YF1xN.xls.lnk", cchText=87, lprc=0x15d2d8, format=0x420, lpdtp=0x21e28b0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UHkhqoDlS1ZMy4YF1xN.xls.lnk", lprc=0x15d2d8) returned 13 [0249.512] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UkJYmBRGn-l6870DyiLq.lnk", cchText=84, lprc=0x15d2d8, format=0x420, lpdtp=0x21e28d8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UkJYmBRGn-l6870DyiLq.lnk", lprc=0x15d2d8) returned 13 [0249.512] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\uLcxfT.pps.lnk", cchText=74, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2900 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\uLcxfT.pps.lnk", lprc=0x15d2d8) returned 13 [0249.512] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UP8au-zEVP8.lnk", cchText=75, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2928 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UP8au-zEVP8.lnk", lprc=0x15d2d8) returned 13 [0249.513] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Videos.lnk", cchText=70, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2950 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Videos.lnk", lprc=0x15d2d8) returned 13 [0249.513] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vPtkmO.lnk", cchText=70, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2978 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vPtkmO.lnk", lprc=0x15d2d8) returned 13 [0249.513] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vrypMS0u_xB.lnk", cchText=75, lprc=0x15d2d8, format=0x420, lpdtp=0x21e29a0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vrypMS0u_xB.lnk", lprc=0x15d2d8) returned 13 [0249.513] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VvJS.odp.lnk", cchText=72, lprc=0x15d2d8, format=0x420, lpdtp=0x21e29c8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VvJS.odp.lnk", lprc=0x15d2d8) returned 13 [0249.513] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\w7V8A-uHWT3m-XUwfg56.lnk", cchText=84, lprc=0x15d2d8, format=0x420, lpdtp=0x21e29f0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\w7V8A-uHWT3m-XUwfg56.lnk", lprc=0x15d2d8) returned 13 [0249.513] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WDmuMj12Phg.lnk", cchText=75, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2a18 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WDmuMj12Phg.lnk", lprc=0x15d2d8) returned 13 [0249.513] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wFdXt6C3g60.lnk", cchText=75, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2a40 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wFdXt6C3g60.lnk", lprc=0x15d2d8) returned 13 [0249.514] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WfobQHYIBDGT.ods.lnk", cchText=80, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2a68 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WfobQHYIBDGT.ods.lnk", lprc=0x15d2d8) returned 13 [0249.514] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WFsJxSQxtzsU8zvNclOo.lnk", cchText=84, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2a90 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WFsJxSQxtzsU8zvNclOo.lnk", lprc=0x15d2d8) returned 13 [0249.514] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wse91V.lnk", cchText=70, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2ab8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wse91V.lnk", lprc=0x15d2d8) returned 13 [0249.514] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wsjB3_tj0w.lnk", cchText=74, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2ae0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wsjB3_tj0w.lnk", lprc=0x15d2d8) returned 13 [0249.514] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wy7xkGTjTM8mqiSz.lnk", cchText=80, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2b08 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wy7xkGTjTM8mqiSz.lnk", lprc=0x15d2d8) returned 13 [0249.514] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XAdPkF7sUkUXx_LAj0.lnk", cchText=82, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2b30 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XAdPkF7sUkUXx_LAj0.lnk", lprc=0x15d2d8) returned 13 [0249.514] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XJlr4B62K0xVJsS jZ.lnk", cchText=82, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2b58 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XJlr4B62K0xVJsS jZ.lnk", lprc=0x15d2d8) returned 13 [0249.515] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xmWl.csv.lnk", cchText=72, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2b80 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xmWl.csv.lnk", lprc=0x15d2d8) returned 13 [0249.515] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xr4V9WaT5ttMZmeN.flv.lnk", cchText=84, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2ba8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xr4V9WaT5ttMZmeN.flv.lnk", lprc=0x15d2d8) returned 13 [0249.515] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xRlhM7BkA6.lnk", cchText=74, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2bd0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xRlhM7BkA6.lnk", lprc=0x15d2d8) returned 13 [0249.515] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xvc2R9.flv.lnk", cchText=74, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2bf8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xvc2R9.flv.lnk", lprc=0x15d2d8) returned 13 [0249.515] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YkjIrU5f.pps.lnk", cchText=76, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2c20 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YkjIrU5f.pps.lnk", lprc=0x15d2d8) returned 13 [0249.515] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Yme_Rm4L2kuXKjrR V.odp.lnk", cchText=86, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2c48 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Yme_Rm4L2kuXKjrR V.odp.lnk", lprc=0x15d2d8) returned 13 [0249.516] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zCcWRD8QwPIFlQ2Uo.lnk", cchText=81, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2c70 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zCcWRD8QwPIFlQ2Uo.lnk", lprc=0x15d2d8) returned 13 [0249.516] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZRXGsN4Yw6b0TwCVAl.flv.lnk", cchText=86, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2c98 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZRXGsN4Yw6b0TwCVAl.flv.lnk", lprc=0x15d2d8) returned 13 [0249.516] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZzS4.flv.lnk", cchText=72, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2cc0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZzS4.flv.lnk", lprc=0x15d2d8) returned 13 [0249.516] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\__elk.ppt.lnk", cchText=73, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2ce8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\__elk.ppt.lnk", lprc=0x15d2d8) returned 13 [0249.516] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Bluetooth File Transfer.LNK", cchText=87, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2d10 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Bluetooth File Transfer.LNK", lprc=0x15d2d8) returned 13 [0249.516] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk", cchText=77, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2d38 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk", lprc=0x15d2d8) returned 13 [0249.516] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Magnify.lnk", cchText=98, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2d60 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Magnify.lnk", lprc=0x15d2d8) returned 13 [0249.517] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Narrator.lnk", cchText=99, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2d88 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\Narrator.lnk", lprc=0x15d2d8) returned 13 [0249.517] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\On-Screen Keyboard.lnk", cchText=109, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2db0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\On-Screen Keyboard.lnk", lprc=0x15d2d8) returned 13 [0249.517] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Internet Explorer.lnk", cchText=106, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2dd8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Internet Explorer.lnk", lprc=0x15d2d8) returned 13 [0249.517] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Administrative Tools.lnk", cchText=110, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2e00 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Administrative Tools.lnk", lprc=0x15d2d8) returned 13 [0249.517] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk", cchText=104, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2e28 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk", lprc=0x15d2d8) returned 13 [0249.517] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\computer.lnk", cchText=98, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2e50 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\computer.lnk", lprc=0x15d2d8) returned 13 [0249.518] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Control Panel.lnk", cchText=103, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2e78 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Control Panel.lnk", lprc=0x15d2d8) returned 13 [0249.518] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\File Explorer.lnk", cchText=103, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2ea0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\File Explorer.lnk", lprc=0x15d2d8) returned 13 [0249.518] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Run.lnk", cchText=93, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2ec8 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Run.lnk", lprc=0x15d2d8) returned 13 [0249.518] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell (x86).lnk", cchText=120, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2ef0 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell (x86).lnk", lprc=0x15d2d8) returned 13 [0249.518] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell.lnk", cchText=114, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2f18 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell.lnk", lprc=0x15d2d8) returned 13 [0249.518] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg", cchText=101, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2f40 | out: lpchText="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg", lprc=0x15d2d8) returned 13 [0249.518] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Desktop\\9AS0zmhI1IuF3gKIE7k.mp4", cchText=50, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2f68 | out: lpchText="C:\\Users\\OqXZRaykm\\Desktop\\9AS0zmhI1IuF3gKIE7k.mp4", lprc=0x15d2d8) returned 13 [0249.519] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Desktop\\aejUOooWI.png", cchText=40, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2f90 | out: lpchText="C:\\Users\\OqXZRaykm\\Desktop\\aejUOooWI.png", lprc=0x15d2d8) returned 13 [0249.519] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Desktop\\A_VTOyBLcz6NRbG97.xlsx", cchText=49, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2fb8 | out: lpchText="C:\\Users\\OqXZRaykm\\Desktop\\A_VTOyBLcz6NRbG97.xlsx", lprc=0x15d2d8) returned 13 [0249.519] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Desktop\\CPtLqFgr7.odt", cchText=40, lprc=0x15d2d8, format=0x420, lpdtp=0x21e2fe0 | out: lpchText="C:\\Users\\OqXZRaykm\\Desktop\\CPtLqFgr7.odt", lprc=0x15d2d8) returned 13 [0249.519] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Desktop\\eM1JFyu4JyX_V Ar.doc", cchText=47, lprc=0x15d2d8, format=0x420, lpdtp=0x21e3008 | out: lpchText="C:\\Users\\OqXZRaykm\\Desktop\\eM1JFyu4JyX_V Ar.doc", lprc=0x15d2d8) returned 13 [0249.519] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Desktop\\JXeScA2ioPeBdV4Lv_Z.png", cchText=50, lprc=0x15d2d8, format=0x420, lpdtp=0x21e3030 | out: lpchText="C:\\Users\\OqXZRaykm\\Desktop\\JXeScA2ioPeBdV4Lv_Z.png", lprc=0x15d2d8) returned 13 [0249.519] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Desktop\\kJxyHJTcJmHZA00.mp4", cchText=46, lprc=0x15d2d8, format=0x420, lpdtp=0x21e3058 | out: lpchText="C:\\Users\\OqXZRaykm\\Desktop\\kJxyHJTcJmHZA00.mp4", lprc=0x15d2d8) returned 13 [0249.519] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Desktop\\N8uzo0.png", cchText=37, lprc=0x15d2d8, format=0x420, lpdtp=0x21e3080 | out: lpchText="C:\\Users\\OqXZRaykm\\Desktop\\N8uzo0.png", lprc=0x15d2d8) returned 13 [0249.519] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Desktop\\ogw4Mz9WHOq.png", cchText=42, lprc=0x15d2d8, format=0x420, lpdtp=0x21e30a8 | out: lpchText="C:\\Users\\OqXZRaykm\\Desktop\\ogw4Mz9WHOq.png", lprc=0x15d2d8) returned 13 [0249.520] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Desktop\\oxKt_.mp4", cchText=36, lprc=0x15d2d8, format=0x420, lpdtp=0x21e30d0 | out: lpchText="C:\\Users\\OqXZRaykm\\Desktop\\oxKt_.mp4", lprc=0x15d2d8) returned 13 [0249.520] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Desktop\\Q4iEH-Vhpy0WGy2.mp3", cchText=46, lprc=0x15d2d8, format=0x420, lpdtp=0x21e30f8 | out: lpchText="C:\\Users\\OqXZRaykm\\Desktop\\Q4iEH-Vhpy0WGy2.mp3", lprc=0x15d2d8) returned 13 [0249.520] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Desktop\\rkO e6gc.mp4", cchText=39, lprc=0x15d2d8, format=0x420, lpdtp=0x21e3120 | out: lpchText="C:\\Users\\OqXZRaykm\\Desktop\\rkO e6gc.mp4", lprc=0x15d2d8) returned 13 [0249.520] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Desktop\\s3mDZhojg.bmp", cchText=40, lprc=0x15d2d8, format=0x420, lpdtp=0x21e3148 | out: lpchText="C:\\Users\\OqXZRaykm\\Desktop\\s3mDZhojg.bmp", lprc=0x15d2d8) returned 13 [0249.520] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Desktop\\sg MXaT5p_6OuAzIkQ9b.odt", cchText=51, lprc=0x15d2d8, format=0x420, lpdtp=0x21e3170 | out: lpchText="C:\\Users\\OqXZRaykm\\Desktop\\sg MXaT5p_6OuAzIkQ9b.odt", lprc=0x15d2d8) returned 13 [0249.520] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Desktop\\w7V8A-uHWT3m-XUwfg56.bmp", cchText=51, lprc=0x15d2d8, format=0x420, lpdtp=0x21e3198 | out: lpchText="C:\\Users\\OqXZRaykm\\Desktop\\w7V8A-uHWT3m-XUwfg56.bmp", lprc=0x15d2d8) returned 13 [0249.520] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Desktop\\wnd4e.ppt", cchText=36, lprc=0x15d2d8, format=0x420, lpdtp=0x21e31c0 | out: lpchText="C:\\Users\\OqXZRaykm\\Desktop\\wnd4e.ppt", lprc=0x15d2d8) returned 13 [0249.521] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\-kzqFR.mp3", cchText=43, lprc=0x15d2d8, format=0x420, lpdtp=0x21e31e8 | out: lpchText="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\-kzqFR.mp3", lprc=0x15d2d8) returned 13 [0249.521] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\3um74xQY2dRtB2 VeQ.jpg", cchText=55, lprc=0x15d2d8, format=0x420, lpdtp=0x21e3210 | out: lpchText="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\3um74xQY2dRtB2 VeQ.jpg", lprc=0x15d2d8) returned 13 [0249.521] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\eTG7NzXPZhX.jpg", cchText=48, lprc=0x15d2d8, format=0x420, lpdtp=0x21e3238 | out: lpchText="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\eTG7NzXPZhX.jpg", lprc=0x15d2d8) returned 13 [0249.521] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\gx-lni4aupUfI o.mp3", cchText=52, lprc=0x15d2d8, format=0x420, lpdtp=0x21e3260 | out: lpchText="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\gx-lni4aupUfI o.mp3", lprc=0x15d2d8) returned 13 [0249.521] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\prv-43xC-PpR5k.ppt", cchText=51, lprc=0x15d2d8, format=0x420, lpdtp=0x21e3288 | out: lpchText="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\prv-43xC-PpR5k.ppt", lprc=0x15d2d8) returned 13 [0249.521] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\rd6vVBpCT6eLzirYJclG.mp3", cchText=57, lprc=0x15d2d8, format=0x420, lpdtp=0x21e32b0 | out: lpchText="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\rd6vVBpCT6eLzirYJclG.mp3", lprc=0x15d2d8) returned 13 [0249.521] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\wsjB3_tj0w.jpg", cchText=47, lprc=0x15d2d8, format=0x420, lpdtp=0x21e32d8 | out: lpchText="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\wsjB3_tj0w.jpg", lprc=0x15d2d8) returned 13 [0249.522] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Documents\\amGLU92hTOyVS.pptx", cchText=47, lprc=0x15d2d8, format=0x420, lpdtp=0x21e3300 | out: lpchText="C:\\Users\\OqXZRaykm\\Documents\\amGLU92hTOyVS.pptx", lprc=0x15d2d8) returned 13 [0249.522] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Documents\\aqmU9TUpYSVIUMRXMae4.docx", cchText=54, lprc=0x15d2d8, format=0x420, lpdtp=0x21e3328 | out: lpchText="C:\\Users\\OqXZRaykm\\Documents\\aqmU9TUpYSVIUMRXMae4.docx", lprc=0x15d2d8) returned 13 [0249.522] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Documents\\b GzxP7sA1S-0PBuwA.xlsx", cchText=52, lprc=0x15d2d8, format=0x420, lpdtp=0x21e3350 | out: lpchText="C:\\Users\\OqXZRaykm\\Documents\\b GzxP7sA1S-0PBuwA.xlsx", lprc=0x15d2d8) returned 13 [0249.522] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Documents\\CIdAi4WoBaReZGuNW3Z.xlsx", cchText=53, lprc=0x15d2d8, format=0x420, lpdtp=0x21e3378 | out: lpchText="C:\\Users\\OqXZRaykm\\Documents\\CIdAi4WoBaReZGuNW3Z.xlsx", lprc=0x15d2d8) returned 13 [0249.522] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Documents\\e_2t.docx", cchText=38, lprc=0x15d2d8, format=0x420, lpdtp=0x21e33a0 | out: lpchText="C:\\Users\\OqXZRaykm\\Documents\\e_2t.docx", lprc=0x15d2d8) returned 13 [0249.522] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Documents\\GC 5fQQJc4NHBM7mhV.docx", cchText=52, lprc=0x15d2d8, format=0x420, lpdtp=0x21e33c8 | out: lpchText="C:\\Users\\OqXZRaykm\\Documents\\GC 5fQQJc4NHBM7mhV.docx", lprc=0x15d2d8) returned 13 [0249.523] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Documents\\GDLIsvWIqGajKiRN9dGO.pptx", cchText=54, lprc=0x15d2d8, format=0x420, lpdtp=0x21e33f0 | out: lpchText="C:\\Users\\OqXZRaykm\\Documents\\GDLIsvWIqGajKiRN9dGO.pptx", lprc=0x15d2d8) returned 13 [0249.524] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Documents\\gmIBz_0QcERv2HE.docx", cchText=49, lprc=0x15d2d8, format=0x420, lpdtp=0x21e3418 | out: lpchText="C:\\Users\\OqXZRaykm\\Documents\\gmIBz_0QcERv2HE.docx", lprc=0x15d2d8) returned 13 [0249.524] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Documents\\m62mMrqX1.pptx", cchText=43, lprc=0x15d2d8, format=0x420, lpdtp=0x21e3440 | out: lpchText="C:\\Users\\OqXZRaykm\\Documents\\m62mMrqX1.pptx", lprc=0x15d2d8) returned 13 [0249.524] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Documents\\oBVXWpqYBK.pptx", cchText=44, lprc=0x15d2d8, format=0x420, lpdtp=0x21e3468 | out: lpchText="C:\\Users\\OqXZRaykm\\Documents\\oBVXWpqYBK.pptx", lprc=0x15d2d8) returned 13 [0249.525] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Documents\\P Qbc4C6_8tW2SWaqVE.xlsx", cchText=53, lprc=0x15d2d8, format=0x420, lpdtp=0x21e3490 | out: lpchText="C:\\Users\\OqXZRaykm\\Documents\\P Qbc4C6_8tW2SWaqVE.xlsx", lprc=0x15d2d8) returned 13 [0249.525] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Documents\\q_HhEd.pptx", cchText=40, lprc=0x15d2d8, format=0x420, lpdtp=0x21e34b8 | out: lpchText="C:\\Users\\OqXZRaykm\\Documents\\q_HhEd.pptx", lprc=0x15d2d8) returned 13 [0249.525] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Documents\\smN8Rnib6nLWu.xlsx", cchText=47, lprc=0x15d2d8, format=0x420, lpdtp=0x21e34e0 | out: lpchText="C:\\Users\\OqXZRaykm\\Documents\\smN8Rnib6nLWu.xlsx", lprc=0x15d2d8) returned 13 [0249.525] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="C:\\Users\\OqXZRaykm\\Documents\\tFcCKPod.docx", cchText=42, lprc=0x15d2d8, format=0x420, lpdtp=0x21e3508 | out: lpchText="C:\\Users\\OqXZRaykm\\Documents\\tFcCKPod.docx", lprc=0x15d2d8) returned 13 [0249.530] SendMessageW (hWnd=0x60044, Msg=0x194, wParam=0x2ab, lParam=0x0) returned 0x0 [0249.530] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x194, wParam=0x2ab, lParam=0x0) returned 0x0 [0249.531] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x46, wParam=0x0, lParam=0x15c810) returned 0x0 [0249.531] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x83, wParam=0x1, lParam=0x15c7e0) returned 0x0 [0249.533] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x47, wParam=0x0, lParam=0x15c810) returned 0x0 [0249.533] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x5, wParam=0x0, lParam=0x14e0252) returned 0x0 [0249.580] GetClientRect (in: hWnd=0x60044, lpRect=0x15c1a0 | out: lpRect=0x15c1a0) returned 1 [0249.580] GetWindowRect (in: hWnd=0x60044, lpRect=0x15c1a0 | out: lpRect=0x15c1a0) returned 1 [0249.580] GetParent (hWnd=0x60044) returned 0x40376 [0249.581] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x40376, lpPoints=0x15c1a0, cPoints=0x2 | out: lpPoints=0x15c1a0) returned -14418160 [0249.581] GetWindowTextLengthW (hWnd=0x60044) returned 0 [0249.581] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0249.581] GetSystemMetrics (nIndex=42) returned 0 [0249.581] GetWindowTextW (in: hWnd=0x60044, lpString=0x15be10, nMaxCount=1 | out: lpString="") returned 0 [0249.581] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0xd, wParam=0x1, lParam=0x15be10) returned 0x0 [0249.582] InvalidateRect (hWnd=0x60044, lpRect=0x0, bErase=1) returned 1 [0249.582] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0249.582] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0249.582] GetSystemMetrics (nIndex=42) returned 0 [0249.582] GetWindowTextW (in: hWnd=0x40376, lpString=0x15bec0, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0249.582] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15bec0) returned 0xb [0249.583] GetParent (hWnd=0x60044) returned 0x40376 [0249.588] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x5, wParam=0x0, lParam=0x14e0252) returned 0x0 [0249.588] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x3, wParam=0x0, lParam=0x330132) returned 0x0 [0249.588] GetClientRect (in: hWnd=0x60044, lpRect=0x15d5e0 | out: lpRect=0x15d5e0) returned 1 [0249.588] GetWindowRect (in: hWnd=0x60044, lpRect=0x15d5e0 | out: lpRect=0x15d5e0) returned 1 [0249.588] GetParent (hWnd=0x60044) returned 0x40376 [0249.588] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x40376, lpPoints=0x15d5e0, cPoints=0x2 | out: lpPoints=0x15d5e0) returned -14418160 [0249.589] SendMessageW (hWnd=0x60044, Msg=0x2210, wParam=0x440001, lParam=0x60044) returned 0x0 [0249.589] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x2210, wParam=0x440001, lParam=0x60044) returned 0x0 [0249.589] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0249.590] GetParent (hWnd=0x60044) returned 0x40376 [0249.590] GetCurrentActCtx (in: lphActCtx=0x15e4a0 | out: lphActCtx=0x15e4a0*=0x61ce08) returned 1 [0249.590] GetModuleHandleW (lpModuleName=0x0) returned 0x10000 [0249.590] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.STATIC.app.0.141b42a_r6_ad1", lpWindowName="319 files have been encrypted", dwStyle=0x5600000d, X=301, Y=33, nWidth=179, nHeight=13, hWndParent=0x40376, hMenu=0x0, hInstance=0x10000, lpParam=0x0) returned 0x70062 [0249.591] SetWindowLongPtrW (hWnd=0x70062, nIndex=-4, dwNewLong=0x7ffa90a11cb0) returned 0x1ad6108c [0249.591] GetWindowLongPtrW (hWnd=0x70062, nIndex=-4) returned 0x7ffa90a11cb0 [0249.592] SetWindowLongPtrW (hWnd=0x70062, nIndex=-4, dwNewLong=0x1ad611cc) returned 0x7ffa90a11cb0 [0249.593] GetWindowLongPtrW (hWnd=0x70062, nIndex=-4) returned 0x1ad611cc [0249.593] GetWindowLongPtrW (hWnd=0x70062, nIndex=-16) returned 0x4600000d [0249.593] GetWindowLongPtrW (hWnd=0x70062, nIndex=-12) returned 0x0 [0249.593] SetWindowLongPtrW (hWnd=0x70062, nIndex=-12, dwNewLong=0x70062) returned 0x0 [0249.593] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x70062, Msg=0x81, wParam=0x0, lParam=0x15db30) returned 0x1 [0249.595] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x70062, Msg=0x83, wParam=0x0, lParam=0x15dbe0) returned 0x0 [0249.595] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x70062, Msg=0x1, wParam=0x0, lParam=0x15dae0) returned 0x0 [0249.597] GetWindow (hWnd=0x70062, uCmd=0x3) returned 0x60044 [0249.597] GetClientRect (in: hWnd=0x70062, lpRect=0x15d480 | out: lpRect=0x15d480) returned 1 [0249.597] GetWindowRect (in: hWnd=0x70062, lpRect=0x15d480 | out: lpRect=0x15d480) returned 1 [0249.597] GetParent (hWnd=0x70062) returned 0x40376 [0249.597] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x40376, lpPoints=0x15d480, cPoints=0x2 | out: lpPoints=0x15d480) returned -14418160 [0249.599] SetWindowTextW (hWnd=0x70062, lpString="319 files have been encrypted") returned 1 [0249.599] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x70062, Msg=0xc, wParam=0x0, lParam=0x216179c) returned 0x1 [0249.600] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x70062, Msg=0x5, wParam=0x0, lParam=0xd00b3) returned 0x0 [0249.601] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x70062, Msg=0x3, wParam=0x0, lParam=0x21012d) returned 0x0 [0249.601] GetClientRect (in: hWnd=0x70062, lpRect=0x15d5e0 | out: lpRect=0x15d5e0) returned 1 [0249.602] GetWindowRect (in: hWnd=0x70062, lpRect=0x15d5e0 | out: lpRect=0x15d5e0) returned 1 [0249.602] GetParent (hWnd=0x70062) returned 0x40376 [0249.602] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x40376, lpPoints=0x15d5e0, cPoints=0x2 | out: lpPoints=0x15d5e0) returned -14418160 [0249.602] SendMessageW (hWnd=0x70062, Msg=0x2210, wParam=0x620001, lParam=0x70062) returned 0x0 [0249.602] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x70062, Msg=0x2210, wParam=0x620001, lParam=0x70062) returned 0x0 [0249.603] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x70062, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0249.603] GetParent (hWnd=0x70062) returned 0x40376 [0249.603] GetCurrentActCtx (in: lphActCtx=0x15e4a0 | out: lphActCtx=0x15e4a0*=0x61ce08) returned 1 [0249.604] GetModuleHandleW (lpModuleName=0x0) returned 0x10000 [0249.604] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.STATIC.app.0.141b42a_r6_ad1", lpWindowName="All your files belong to us!", dwStyle=0x5600000d, X=301, Y=6, nWidth=215, nHeight=20, hWndParent=0x40376, hMenu=0x0, hInstance=0x10000, lpParam=0x0) returned 0xc0052 [0249.605] SetWindowLongPtrW (hWnd=0xc0052, nIndex=-4, dwNewLong=0x7ffa90a11cb0) returned 0x1ad6108c [0249.605] GetWindowLongPtrW (hWnd=0xc0052, nIndex=-4) returned 0x7ffa90a11cb0 [0249.606] SetWindowLongPtrW (hWnd=0xc0052, nIndex=-4, dwNewLong=0x1ad6121c) returned 0x7ffa90a11cb0 [0249.606] GetWindowLongPtrW (hWnd=0xc0052, nIndex=-4) returned 0x1ad6121c [0249.606] GetWindowLongPtrW (hWnd=0xc0052, nIndex=-16) returned 0x4600000d [0249.606] GetWindowLongPtrW (hWnd=0xc0052, nIndex=-12) returned 0x0 [0249.606] SetWindowLongPtrW (hWnd=0xc0052, nIndex=-12, dwNewLong=0xc0052) returned 0x0 [0249.606] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0xc0052, Msg=0x81, wParam=0x0, lParam=0x15db30) returned 0x1 [0249.609] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0xc0052, Msg=0x83, wParam=0x0, lParam=0x15dbe0) returned 0x0 [0249.609] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0xc0052, Msg=0x1, wParam=0x0, lParam=0x15daf0) returned 0x0 [0249.610] GetWindow (hWnd=0xc0052, uCmd=0x3) returned 0x70062 [0249.611] GetClientRect (in: hWnd=0xc0052, lpRect=0x15d490 | out: lpRect=0x15d490) returned 1 [0249.611] GetWindowRect (in: hWnd=0xc0052, lpRect=0x15d490 | out: lpRect=0x15d490) returned 1 [0249.611] GetParent (hWnd=0xc0052) returned 0x40376 [0249.611] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x40376, lpPoints=0x15d490, cPoints=0x2 | out: lpPoints=0x15d490) returned -14418160 [0249.612] SetWindowTextW (hWnd=0xc0052, lpString="All your files belong to us!") returned 1 [0249.613] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0xc0052, Msg=0xc, wParam=0x0, lParam=0x214169c) returned 0x1 [0249.614] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0xc0052, Msg=0x5, wParam=0x0, lParam=0x1400d7) returned 0x0 [0249.614] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0xc0052, Msg=0x3, wParam=0x0, lParam=0x6012d) returned 0x0 [0249.614] GetClientRect (in: hWnd=0xc0052, lpRect=0x15d5e0 | out: lpRect=0x15d5e0) returned 1 [0249.614] GetWindowRect (in: hWnd=0xc0052, lpRect=0x15d5e0 | out: lpRect=0x15d5e0) returned 1 [0249.614] GetParent (hWnd=0xc0052) returned 0x40376 [0249.614] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x40376, lpPoints=0x15d5e0, cPoints=0x2 | out: lpPoints=0x15d5e0) returned -14418160 [0249.615] SendMessageW (hWnd=0xc0052, Msg=0x2210, wParam=0x520001, lParam=0xc0052) returned 0x0 [0249.615] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0xc0052, Msg=0x2210, wParam=0x520001, lParam=0xc0052) returned 0x0 [0249.615] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0xc0052, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0249.616] GetParent (hWnd=0xc0052) returned 0x40376 [0249.616] GetCurrentActCtx (in: lphActCtx=0x15e4a0 | out: lphActCtx=0x15e4a0*=0x61ce08) returned 1 [0249.616] GetClassInfoW (in: hInstance=0x0, lpClassName="BUTTON", lpWndClass=0x21e4640 | out: lpWndClass=0x21e4640) returned 1 [0249.620] GetModuleHandleW (lpModuleName=0x0) returned 0x10000 [0249.623] CoTaskMemAlloc (cb=0x56) returned 0x62c980 [0249.623] RegisterClassW (lpWndClass=0x15e180) returned 0xc1e9 [0249.624] CoTaskMemFree (pv=0x62c980) [0249.624] GetModuleHandleW (lpModuleName=0x0) returned 0x10000 [0249.624] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.BUTTON.app.0.141b42a_r6_ad1", lpWindowName="Decrypt Files", dwStyle=0x5601000b, X=57, Y=343, nWidth=208, nHeight=47, hWndParent=0x40376, hMenu=0x0, hInstance=0x10000, lpParam=0x0) returned 0xa0050 [0249.636] SetWindowLongPtrW (hWnd=0xa0050, nIndex=-4, dwNewLong=0x7ffa909f1000) returned 0x1ad6077c [0249.636] GetWindowLongPtrW (hWnd=0xa0050, nIndex=-4) returned 0x7ffa909f1000 [0249.637] SetWindowLongPtrW (hWnd=0xa0050, nIndex=-4, dwNewLong=0x1ad63c7c) returned 0x7ffa909f1000 [0249.638] GetWindowLongPtrW (hWnd=0xa0050, nIndex=-4) returned 0x1ad63c7c [0249.638] GetWindowLongPtrW (hWnd=0xa0050, nIndex=-16) returned 0x4601000b [0249.638] GetWindowLongPtrW (hWnd=0xa0050, nIndex=-12) returned 0x0 [0249.638] SetWindowLongPtrW (hWnd=0xa0050, nIndex=-12, dwNewLong=0xa0050) returned 0x0 [0249.638] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x81, wParam=0x0, lParam=0x15db30) returned 0x1 [0249.640] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x83, wParam=0x0, lParam=0x15dbe0) returned 0x0 [0249.640] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x1, wParam=0x0, lParam=0x15db00) returned 0x0 [0249.643] SendMessageW (hWnd=0xa0050, Msg=0x2055, wParam=0xa0050, lParam=0x3) returned 0x2 [0249.643] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x129, wParam=0x0, lParam=0x0) returned 0x0 [0249.643] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x127, wParam=0x3, lParam=0x0) returned 0x0 [0249.643] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x127, wParam=0x30001, lParam=0x0) returned 0x0 [0249.643] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0 [0249.644] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0xf037a, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0 [0249.644] RedrawWindow (hWnd=0xf037a, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0249.644] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x90252, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0 [0249.644] RedrawWindow (hWnd=0x90252, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0249.644] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x5005c, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0 [0249.645] RedrawWindow (hWnd=0x5005c, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0249.645] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0 [0249.645] InvalidateRect (hWnd=0x60044, lpRect=0x0, bErase=1) returned 1 [0249.645] RedrawWindow (hWnd=0x60044, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0249.646] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x70062, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0 [0249.646] RedrawWindow (hWnd=0x70062, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0249.646] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0xc0052, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0 [0249.646] RedrawWindow (hWnd=0xc0052, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0249.647] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0 [0249.647] RedrawWindow (hWnd=0xa0050, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0249.647] RedrawWindow (hWnd=0x40376, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0249.649] GetWindow (hWnd=0xa0050, uCmd=0x3) returned 0xc0052 [0249.649] GetClientRect (in: hWnd=0xa0050, lpRect=0x15d470 | out: lpRect=0x15d470) returned 1 [0249.649] GetWindowRect (in: hWnd=0xa0050, lpRect=0x15d470 | out: lpRect=0x15d470) returned 1 [0249.650] GetParent (hWnd=0xa0050) returned 0x40376 [0249.650] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x40376, lpPoints=0x15d470, cPoints=0x2 | out: lpPoints=0x15d470) returned -14418160 [0249.652] SetWindowTextW (hWnd=0xa0050, lpString="Decrypt Files") returned 1 [0249.652] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0xc, wParam=0x0, lParam=0x214163c) returned 0x1 [0249.654] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x5, wParam=0x0, lParam=0x2f00d0) returned 0x0 [0249.654] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x3, wParam=0x0, lParam=0x1570039) returned 0x0 [0249.654] GetClientRect (in: hWnd=0xa0050, lpRect=0x15d5b0 | out: lpRect=0x15d5b0) returned 1 [0249.654] GetWindowRect (in: hWnd=0xa0050, lpRect=0x15d5b0 | out: lpRect=0x15d5b0) returned 1 [0249.654] GetParent (hWnd=0xa0050) returned 0x40376 [0249.654] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x40376, lpPoints=0x15d5b0, cPoints=0x2 | out: lpPoints=0x15d5b0) returned -14418160 [0249.654] SendMessageW (hWnd=0xa0050, Msg=0x2210, wParam=0x500001, lParam=0xa0050) returned 0x0 [0249.654] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x2210, wParam=0x500001, lParam=0xa0050) returned 0x0 [0249.655] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0249.655] GetParent (hWnd=0xa0050) returned 0x40376 [0249.655] GetCurrentActCtx (in: lphActCtx=0x15e460 | out: lphActCtx=0x15e460*=0x61ce08) returned 1 [0249.656] GetModuleHandleW (lpModuleName=0x0) returned 0x10000 [0249.656] CreateWindowExW (dwExStyle=0x200, lpClassName="WindowsForms10.EDIT.app.0.141b42a_r6_ad1", lpWindowName=0x0, dwStyle=0x560100c0, X=57, Y=318, nWidth=209, nHeight=23, hWndParent=0x40376, hMenu=0x0, hInstance=0x10000, lpParam=0x0) returned 0x80386 [0249.657] SetWindowLongPtrW (hWnd=0x80386, nIndex=-4, dwNewLong=0x7ffa909a0db0) returned 0x1ad60fec [0249.657] GetWindowLongPtrW (hWnd=0x80386, nIndex=-4) returned 0x7ffa909a0db0 [0249.658] SetWindowLongPtrW (hWnd=0x80386, nIndex=-4, dwNewLong=0x1ad6386c) returned 0x7ffa909a0db0 [0249.658] GetWindowLongPtrW (hWnd=0x80386, nIndex=-4) returned 0x1ad6386c [0249.658] GetWindowLongPtrW (hWnd=0x80386, nIndex=-16) returned 0x460100c0 [0249.658] GetWindowLongPtrW (hWnd=0x80386, nIndex=-12) returned 0x0 [0249.658] SetWindowLongPtrW (hWnd=0x80386, nIndex=-12, dwNewLong=0x80386) returned 0x0 [0249.658] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x81, wParam=0x0, lParam=0x15daf0) returned 0x1 [0249.661] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x83, wParam=0x0, lParam=0x15dba0) returned 0x0 [0249.662] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x1, wParam=0x0, lParam=0x15daf0) returned 0x1 [0249.663] SendMessageW (hWnd=0x80386, Msg=0x2055, wParam=0x80386, lParam=0x3) returned 0x2 [0249.663] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x129, wParam=0x0, lParam=0x0) returned 0x3 [0249.663] GetWindow (hWnd=0x80386, uCmd=0x3) returned 0xa0050 [0249.664] GetClientRect (in: hWnd=0x80386, lpRect=0x15d4c0 | out: lpRect=0x15d4c0) returned 1 [0249.665] GetWindowRect (in: hWnd=0x80386, lpRect=0x15d4c0 | out: lpRect=0x15d4c0) returned 1 [0249.665] GetParent (hWnd=0x80386) returned 0x40376 [0249.665] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x40376, lpPoints=0x15d4c0, cPoints=0x2 | out: lpPoints=0x15d4c0) returned -14418160 [0249.666] GetDC (hWnd=0x0) returned 0x580108aa [0249.667] GdipCreateFromHDC (hdc=0x580108aa, graphics=0x15d168) returned 0x0 [0249.668] CoTaskMemAlloc (cb=0x5c) returned 0x63a630 [0249.668] GdipGetLogFontW (font=0x1ac61f10, graphics=0x1c5789b0, logfontW=0x63a630) returned 0x0 [0249.669] CoTaskMemFree (pv=0x63a630) [0249.669] CoTaskMemAlloc (cb=0x5c) returned 0x63a1d0 [0249.669] CoTaskMemFree (pv=0x63a1d0) [0249.669] CoTaskMemAlloc (cb=0x5c) returned 0x63a2b0 [0249.670] CoTaskMemFree (pv=0x63a2b0) [0249.670] GdipDeleteGraphics (graphics=0x1c5789b0) returned 0x0 [0249.670] ReleaseDC (hWnd=0x0, hDC=0x580108aa) returned 1 [0249.671] CoTaskMemAlloc (cb=0x5c) returned 0x63ac50 [0249.671] CreateFontIndirectW (lplf=0x63ac50) returned 0xffffffff8b0a06ee [0249.672] CoTaskMemFree (pv=0x63ac50) [0249.672] SendMessageW (hWnd=0x80386, Msg=0x30, wParam=0xffffffff8b0a06ee, lParam=0x0) returned 0x1 [0249.672] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x30, wParam=0xffffffff8b0a06ee, lParam=0x0) returned 0x1 [0249.674] SendMessageW (hWnd=0x80386, Msg=0xd3, wParam=0x3, lParam=0x0) returned 0x0 [0249.674] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0xd3, wParam=0x3, lParam=0x0) returned 0x0 [0249.676] GetSystemMetrics (nIndex=5) returned 1 [0249.676] GetSystemMetrics (nIndex=6) returned 1 [0249.676] SendMessageW (hWnd=0x80386, Msg=0xc5, wParam=0x7fff, lParam=0x0) returned 0x1 [0249.676] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0xc5, wParam=0x7fff, lParam=0x0) returned 0x1 [0249.676] SendMessageW (hWnd=0x80386, Msg=0xd2, wParam=0x0, lParam=0x0) returned 0x0 [0249.676] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0xd2, wParam=0x0, lParam=0x0) returned 0x0 [0249.677] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x5, wParam=0x0, lParam=0x1300cd) returned 0x0 [0249.678] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x3, wParam=0x0, lParam=0x140003b) returned 0x0 [0249.678] GetClientRect (in: hWnd=0x80386, lpRect=0x15d5d0 | out: lpRect=0x15d5d0) returned 1 [0249.678] GetWindowRect (in: hWnd=0x80386, lpRect=0x15d5d0 | out: lpRect=0x15d5d0) returned 1 [0249.678] GetParent (hWnd=0x80386) returned 0x40376 [0249.678] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x40376, lpPoints=0x15d5d0, cPoints=0x2 | out: lpPoints=0x15d5d0) returned -14418160 [0249.678] SendMessageW (hWnd=0x80386, Msg=0x2210, wParam=0x3860001, lParam=0x80386) returned 0x0 [0249.678] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x2210, wParam=0x3860001, lParam=0x80386) returned 0x0 [0249.679] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0249.681] GetParent (hWnd=0x80386) returned 0x40376 [0249.691] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0249.692] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0249.692] GetSystemMetrics (nIndex=42) returned 0 [0249.692] GetWindowTextW (in: hWnd=0x40376, lpString=0x15e410, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0249.692] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15e410) returned 0xb [0249.736] LocalAlloc (uFlags=0x0, uBytes=0x4c) returned 0x62bde0 [0257.201] LocalFree (hMem=0x62bde0) returned 0x0 [0257.208] InvalidateRect (hWnd=0xf037a, lpRect=0x0, bErase=1) returned 1 [0257.216] InvalidateRect (hWnd=0x90252, lpRect=0x0, bErase=1) returned 1 [0257.216] InvalidateRect (hWnd=0x5005c, lpRect=0x0, bErase=1) returned 1 [0257.216] InvalidateRect (hWnd=0x60044, lpRect=0x0, bErase=1) returned 1 [0257.216] InvalidateRect (hWnd=0x70062, lpRect=0x0, bErase=1) returned 1 [0257.217] InvalidateRect (hWnd=0xc0052, lpRect=0x0, bErase=1) returned 1 [0257.217] InvalidateRect (hWnd=0xa0050, lpRect=0x0, bErase=0) returned 1 [0257.217] InvalidateRect (hWnd=0x80386, lpRect=0x0, bErase=1) returned 1 [0257.221] GetWindowThreadProcessId (in: hWnd=0x40376, lpdwProcessId=0x15e4e0 | out: lpdwProcessId=0x15e4e0) returned 0x134c [0257.221] GetCurrentThreadId () returned 0x134c [0257.222] RegisterClipboardFormatW (lpszFormat="WindowsForms12_ThreadCallbackMessage") returned 0xc1ea [0257.223] PostMessageW (hWnd=0x40376, Msg=0xc1ea, wParam=0x0, lParam=0x0) returned 1 [0257.223] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0257.223] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0257.224] GetSystemMetrics (nIndex=42) returned 0 [0257.224] GetWindowTextW (in: hWnd=0x40376, lpString=0x15e3e0, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0257.224] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15e3e0) returned 0xb [0257.228] GdipImageGetFrameDimensionsCount (image=0x1c577b70, count=0x15e3c0) returned 0x0 [0257.229] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x1df61d40 [0257.229] GdipImageGetFrameDimensionsList (image=0x1c577b70, dimensionIDs=0x1df61d40*(Data1=0xa41f4cd0, Data2=0x7ffa, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x12, [5]=0x0, [6]=0x0, [7]=0x0)), count=0x1) returned 0x0 [0257.235] LocalFree (hMem=0x1df61d40) returned 0x0 [0257.292] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x46, wParam=0x0, lParam=0x15ec90) returned 0x0 [0257.292] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x30384, Msg=0x46, wParam=0x0, lParam=0x15ec90) returned 0x0 [0257.688] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0257.694] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0257.696] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0257.696] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0257.698] GetWindowPlacement (in: hWnd=0x40376, lpwndpl=0x15e798 | out: lpwndpl=0x15e798) returned 1 [0257.698] GetClientRect (in: hWnd=0x40376, lpRect=0x15e6e0 | out: lpRect=0x15e6e0) returned 1 [0257.698] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0257.699] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0257.699] GetSystemMetrics (nIndex=42) returned 0 [0257.699] GetWindowTextW (in: hWnd=0x40376, lpString=0x15e430, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0257.699] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15e430) returned 0xb [0257.699] GetClientRect (in: hWnd=0x40376, lpRect=0x15e4a8 | out: lpRect=0x15e4a8) returned 1 [0257.717] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x1ad638bc, dwData=0x0) returned 1 [0257.718] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x15dc80 | out: lpmi=0x15dc80) returned 1 [0257.718] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x4d0100d4 [0257.719] GetDeviceCaps (hdc=0x4d0100d4, index=12) returned 32 [0257.719] GetDeviceCaps (hdc=0x4d0100d4, index=14) returned 1 [0257.719] DeleteDC (hdc=0x4d0100d4) returned 1 [0257.723] GetCurrentObject (hdc=0x20105b1, type=0x1) returned 0xb00017 [0257.724] GetCurrentObject (hdc=0x20105b1, type=0x2) returned 0x900010 [0257.724] GetCurrentObject (hdc=0x20105b1, type=0x7) returned 0x79050917 [0257.725] GetCurrentObject (hdc=0x20105b1, type=0x6) returned 0x58a00b4 [0257.726] SaveDC (hdc=0x20105b1) returned 1 [0257.729] GetNearestColor (hdc=0x20105b1, color=0x80) returned 0x80 [0257.926] CreateSolidBrush (color=0x80) returned 0x33100911 [0257.926] FillRect (hDC=0x20105b1, lprc=0x15e190, hbr=0x33100911) returned 1 [0257.936] DeleteObject (ho=0x33100911) returned 1 [0257.940] RestoreDC (hdc=0x20105b1, nSavedDC=-1) returned 1 [0258.276] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0xf037a, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0258.277] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x90252, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x1 [0258.278] SetTextColor (hdc=0xffffffffb2010715, color=0xf0f0f0) returned 0x0 [0258.279] SetBkColor (hdc=0xffffffffb2010715, color=0x80) returned 0xffffff [0258.280] CreateSolidBrush (color=0x80) returned 0x34100911 [0258.286] GetWindowPlacement (in: hWnd=0x40376, lpwndpl=0x15dc98 | out: lpwndpl=0x15dc98) returned 1 [0258.286] GetClientRect (in: hWnd=0x40376, lpRect=0x15dbe0 | out: lpRect=0x15dbe0) returned 1 [0258.287] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0258.287] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0258.287] GetSystemMetrics (nIndex=42) returned 0 [0258.287] GetWindowTextW (in: hWnd=0x40376, lpString=0x15d930, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0258.287] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15d930) returned 0xb [0258.288] GetClientRect (in: hWnd=0x40376, lpRect=0x15d9a8 | out: lpRect=0x15d9a8) returned 1 [0258.288] GetCurrentObject (hdc=0x46010962, type=0x1) returned 0xb00017 [0258.288] GetCurrentObject (hdc=0x46010962, type=0x2) returned 0x900010 [0258.288] GetCurrentObject (hdc=0x46010962, type=0x7) returned 0x2905093b [0258.288] GetCurrentObject (hdc=0x46010962, type=0x6) returned 0x58a00b4 [0258.289] SaveDC (hdc=0x46010962) returned 1 [0258.290] GetNearestColor (hdc=0x46010962, color=0x80) returned 0x80 [0258.290] CreateSolidBrush (color=0x80) returned 0x4a1008a6 [0258.290] FillRect (hDC=0x46010962, lprc=0x15d690, hbr=0x4a1008a6) returned 1 [0258.290] DeleteObject (ho=0x4a1008a6) returned 1 [0258.290] RestoreDC (hdc=0x46010962, nSavedDC=-1) returned 1 [0258.291] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0258.291] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0258.291] GetSystemMetrics (nIndex=42) returned 0 [0258.291] GetWindowTextW (in: hWnd=0x40376, lpString=0x15d8a0, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0258.291] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15d8a0) returned 0xb [0258.292] GetClientRect (in: hWnd=0x40376, lpRect=0x15d918 | out: lpRect=0x15d918) returned 1 [0258.292] GetCurrentObject (hdc=0x46010962, type=0x1) returned 0xb00017 [0258.292] GetCurrentObject (hdc=0x46010962, type=0x2) returned 0x900010 [0258.292] GetCurrentObject (hdc=0x46010962, type=0x7) returned 0x2905093b [0258.293] GetCurrentObject (hdc=0x46010962, type=0x6) returned 0x58a00b4 [0258.294] SaveDC (hdc=0x46010962) returned 1 [0258.294] GetNearestColor (hdc=0x46010962, color=0x80) returned 0x80 [0258.294] CreateSolidBrush (color=0x80) returned 0x4b1008a6 [0258.295] FillRect (hDC=0x46010962, lprc=0x15d600, hbr=0x4b1008a6) returned 1 [0258.295] DeleteObject (ho=0x4b1008a6) returned 1 [0258.295] RestoreDC (hdc=0x46010962, nSavedDC=-1) returned 1 [0258.295] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0258.295] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0258.295] GetSystemMetrics (nIndex=42) returned 0 [0258.295] GetWindowTextW (in: hWnd=0x40376, lpString=0x15d8a0, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0258.295] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15d8a0) returned 0xb [0258.297] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x90252, Msg=0x14, wParam=0x580108aa, lParam=0x0) returned 0x1 [0258.297] SetTextColor (hdc=0x580108aa, color=0xf0f0f0) returned 0x0 [0258.297] SetBkColor (hdc=0x580108aa, color=0x80) returned 0xffffff [0258.298] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x5005c, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0258.298] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0258.302] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x14, wParam=0x20105b1, lParam=0x0) returned 0x1 [0258.304] SetTextColor (hdc=0x20105b1, color=0x0) returned 0x0 [0258.304] SetBkColor (hdc=0x20105b1, color=0xffffff) returned 0xffffff [0258.305] GetSysColorBrush (nIndex=5) returned 0x100075 [0258.305] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x70062, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0258.305] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0xc0052, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0258.306] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0258.306] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x14, wParam=0x20105b1, lParam=0x0) returned 0x1 [0258.306] GetStockObject (i=5) returned 0x900015 [0258.306] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x1 [0258.307] SetTextColor (hdc=0x580108aa, color=0x0) returned 0x0 [0258.307] SetBkColor (hdc=0x580108aa, color=0xffffff) returned 0xffffff [0258.307] GetSysColorBrush (nIndex=5) returned 0x100075 [0258.307] GetWindowPlacement (in: hWnd=0x40376, lpwndpl=0x15dc98 | out: lpwndpl=0x15dc98) returned 1 [0258.308] GetClientRect (in: hWnd=0x40376, lpRect=0x15dbe0 | out: lpRect=0x15dbe0) returned 1 [0258.308] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0258.308] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0258.308] GetSystemMetrics (nIndex=42) returned 0 [0258.308] GetWindowTextW (in: hWnd=0x40376, lpString=0x15d930, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0258.308] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15d930) returned 0xb [0258.309] GetClientRect (in: hWnd=0x40376, lpRect=0x15d9a8 | out: lpRect=0x15d9a8) returned 1 [0258.309] GetCurrentObject (hdc=0x47010962, type=0x1) returned 0xb00017 [0258.309] GetCurrentObject (hdc=0x47010962, type=0x2) returned 0x900010 [0258.309] GetCurrentObject (hdc=0x47010962, type=0x7) returned 0x2905093b [0258.309] GetCurrentObject (hdc=0x47010962, type=0x6) returned 0x58a00b4 [0258.310] SaveDC (hdc=0x47010962) returned 1 [0258.311] GetNearestColor (hdc=0x47010962, color=0x80) returned 0x80 [0258.311] CreateSolidBrush (color=0x80) returned 0x4c1008a6 [0258.311] FillRect (hDC=0x47010962, lprc=0x15d690, hbr=0x4c1008a6) returned 1 [0258.311] DeleteObject (ho=0x4c1008a6) returned 1 [0258.311] RestoreDC (hdc=0x47010962, nSavedDC=-1) returned 1 [0258.312] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0258.312] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0258.312] GetSystemMetrics (nIndex=42) returned 0 [0258.312] GetWindowTextW (in: hWnd=0x40376, lpString=0x15d8a0, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0258.312] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15d8a0) returned 0xb [0258.313] GetClientRect (in: hWnd=0x40376, lpRect=0x15d918 | out: lpRect=0x15d918) returned 1 [0258.313] GetCurrentObject (hdc=0x47010962, type=0x1) returned 0xb00017 [0258.313] GetCurrentObject (hdc=0x47010962, type=0x2) returned 0x900010 [0258.313] GetCurrentObject (hdc=0x47010962, type=0x7) returned 0x2905093b [0258.313] GetCurrentObject (hdc=0x47010962, type=0x6) returned 0x58a00b4 [0258.314] SaveDC (hdc=0x47010962) returned 1 [0258.315] GetNearestColor (hdc=0x47010962, color=0x80) returned 0x80 [0258.315] CreateSolidBrush (color=0x80) returned 0x4d1008a6 [0258.315] FillRect (hDC=0x47010962, lprc=0x15d600, hbr=0x4d1008a6) returned 1 [0258.315] DeleteObject (ho=0x4d1008a6) returned 1 [0258.315] RestoreDC (hdc=0x47010962, nSavedDC=-1) returned 1 [0258.316] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0258.316] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0258.316] GetSystemMetrics (nIndex=42) returned 0 [0258.316] GetWindowTextW (in: hWnd=0x40376, lpString=0x15d8a0, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0258.504] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15d8a0) returned 0xb [0258.506] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x14, wParam=0x580108aa, lParam=0x0) returned 0x1 [0258.507] GetWindowPlacement (in: hWnd=0x40376, lpwndpl=0x15e778 | out: lpwndpl=0x15e778) returned 1 [0258.507] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x47, wParam=0x0, lParam=0x15ec90) returned 0x0 [0258.507] GetClientRect (in: hWnd=0x40376, lpRect=0x15e640 | out: lpRect=0x15e640) returned 1 [0258.507] GetWindowRect (in: hWnd=0x40376, lpRect=0x15e640 | out: lpRect=0x15e640) returned 1 [0258.508] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0258.509] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0258.509] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0258.514] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x5, wParam=0x0, lParam=0x1b903bf) returned 0x0 [0258.514] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x3, wParam=0x0, lParam=0xdd00f0) returned 0x0 [0258.514] GetClientRect (in: hWnd=0x40376, lpRect=0x15e6d0 | out: lpRect=0x15e6d0) returned 1 [0258.514] GetWindowRect (in: hWnd=0x40376, lpRect=0x15e6d0 | out: lpRect=0x15e6d0) returned 1 [0258.536] GetFocus () returned 0x40376 [0258.536] GetFocus () returned 0x40376 [0258.536] SetFocus (hWnd=0x80386) returned 0x40376 [0258.539] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x8, wParam=0x80386, lParam=0x0) returned 0x0 [0258.542] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x281, wParam=0x0, lParam=0xc000000f) returned 0x0 [0258.543] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0 [0258.608] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0258.611] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x7, wParam=0x40376, lParam=0x0) returned 0x1 [0258.611] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0258.612] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x282, wParam=0xa, lParam=0x0) returned 0x0 [0258.614] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0258.614] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x282, wParam=0xf, lParam=0xe0157) returned 0x0 [0258.615] SetTextColor (hdc=0x580108aa, color=0x0) returned 0x0 [0258.615] SetBkColor (hdc=0x580108aa, color=0xffffff) returned 0xffffff [0258.616] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0258.616] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x282, wParam=0xb, lParam=0x0) returned 0x0 [0258.617] SendMessageW (hWnd=0x80386, Msg=0x2111, wParam=0x1000386, lParam=0x80386) returned 0x0 [0258.623] SendMessageW (hWnd=0x80386, Msg=0xb0, wParam=0x15e580, lParam=0x15e520) returned 0x0 [0258.624] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0xb0, wParam=0x15e580, lParam=0x15e520) returned 0x0 [0258.624] GetKeyState (nVirtKey=1) returned 0 [0258.624] GetKeyState (nVirtKey=2) returned 0 [0258.624] GetKeyState (nVirtKey=4) returned 0 [0258.624] GetKeyState (nVirtKey=5) returned 0 [0258.624] GetKeyState (nVirtKey=6) returned 0 [0258.624] GetWindowTextLengthW (hWnd=0x80386) returned 0 [0258.624] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0258.624] SendMessageW (hWnd=0x80386, Msg=0xb1, wParam=0x0, lParam=0x0) returned 0x1 [0258.625] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0xb1, wParam=0x0, lParam=0x0) returned 0x1 [0258.625] GetFocus () returned 0x80386 [0258.626] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0258.673] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x46, wParam=0x0, lParam=0x15ebf0) returned 0x0 [0258.673] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x83, wParam=0x1, lParam=0x15ebc0) returned 0x0 [0258.682] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0258.683] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0258.683] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0258.684] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0258.684] GetWindowPlacement (in: hWnd=0x40376, lpwndpl=0x15e6f8 | out: lpwndpl=0x15e6f8) returned 1 [0258.685] GetClientRect (in: hWnd=0x40376, lpRect=0x15e640 | out: lpRect=0x15e640) returned 1 [0258.685] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0258.685] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0258.685] GetSystemMetrics (nIndex=42) returned 0 [0258.685] GetWindowTextW (in: hWnd=0x40376, lpString=0x15e390, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0258.685] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15e390) returned 0xb [0258.686] GetClientRect (in: hWnd=0x40376, lpRect=0x15e408 | out: lpRect=0x15e408) returned 1 [0258.686] GetCurrentObject (hdc=0xffffffffb2010715, type=0x1) returned 0xb00017 [0258.686] GetCurrentObject (hdc=0xffffffffb2010715, type=0x2) returned 0x900010 [0258.686] GetCurrentObject (hdc=0xffffffffb2010715, type=0x7) returned 0x79050917 [0258.686] GetCurrentObject (hdc=0xffffffffb2010715, type=0x6) returned 0x58a00b4 [0258.687] SaveDC (hdc=0xffffffffb2010715) returned 1 [0258.688] GetNearestColor (hdc=0xffffffffb2010715, color=0x80) returned 0x80 [0258.688] CreateSolidBrush (color=0x80) returned 0x4e1008a6 [0258.688] FillRect (hDC=0xffffffffb2010715, lprc=0x15e0f0, hbr=0x4e1008a6) returned 1 [0258.689] DeleteObject (ho=0x4e1008a6) returned 1 [0258.689] RestoreDC (hdc=0xffffffffb2010715, nSavedDC=-1) returned 1 [0258.690] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0xf037a, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0258.690] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x90252, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x1 [0258.690] SetTextColor (hdc=0xffffffffb2010715, color=0xf0f0f0) returned 0x0 [0258.690] SetBkColor (hdc=0xffffffffb2010715, color=0x80) returned 0xffffff [0258.692] GetWindowPlacement (in: hWnd=0x40376, lpwndpl=0x15dbf8 | out: lpwndpl=0x15dbf8) returned 1 [0258.692] GetClientRect (in: hWnd=0x40376, lpRect=0x15db40 | out: lpRect=0x15db40) returned 1 [0258.692] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0258.692] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0258.693] GetSystemMetrics (nIndex=42) returned 0 [0258.693] GetWindowTextW (in: hWnd=0x40376, lpString=0x15d890, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0258.693] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15d890) returned 0xb [0258.693] GetClientRect (in: hWnd=0x40376, lpRect=0x15d908 | out: lpRect=0x15d908) returned 1 [0258.693] GetCurrentObject (hdc=0x48010962, type=0x1) returned 0xb00017 [0258.694] GetCurrentObject (hdc=0x48010962, type=0x2) returned 0x900010 [0258.694] GetCurrentObject (hdc=0x48010962, type=0x7) returned 0x2905093b [0258.694] GetCurrentObject (hdc=0x48010962, type=0x6) returned 0x58a00b4 [0258.695] SaveDC (hdc=0x48010962) returned 1 [0258.695] GetNearestColor (hdc=0x48010962, color=0x80) returned 0x80 [0258.696] CreateSolidBrush (color=0x80) returned 0x4f1008a6 [0258.696] FillRect (hDC=0x48010962, lprc=0x15d5f0, hbr=0x4f1008a6) returned 1 [0258.696] DeleteObject (ho=0x4f1008a6) returned 1 [0258.696] RestoreDC (hdc=0x48010962, nSavedDC=-1) returned 1 [0258.696] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0258.697] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0258.697] GetSystemMetrics (nIndex=42) returned 0 [0258.697] GetWindowTextW (in: hWnd=0x40376, lpString=0x15d800, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0258.697] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15d800) returned 0xb [0258.697] GetClientRect (in: hWnd=0x40376, lpRect=0x15d878 | out: lpRect=0x15d878) returned 1 [0258.698] GetCurrentObject (hdc=0x48010962, type=0x1) returned 0xb00017 [0258.698] GetCurrentObject (hdc=0x48010962, type=0x2) returned 0x900010 [0258.698] GetCurrentObject (hdc=0x48010962, type=0x7) returned 0x2905093b [0258.698] GetCurrentObject (hdc=0x48010962, type=0x6) returned 0x58a00b4 [0258.699] SaveDC (hdc=0x48010962) returned 1 [0258.699] GetNearestColor (hdc=0x48010962, color=0x80) returned 0x80 [0258.700] CreateSolidBrush (color=0x80) returned 0x501008a6 [0258.700] FillRect (hDC=0x48010962, lprc=0x15d560, hbr=0x501008a6) returned 1 [0258.700] DeleteObject (ho=0x501008a6) returned 1 [0258.700] RestoreDC (hdc=0x48010962, nSavedDC=-1) returned 1 [0258.700] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0258.700] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0258.700] GetSystemMetrics (nIndex=42) returned 0 [0258.700] GetWindowTextW (in: hWnd=0x40376, lpString=0x15d800, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0258.700] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15d800) returned 0xb [0258.702] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x90252, Msg=0x14, wParam=0x580108aa, lParam=0x0) returned 0x1 [0258.702] SetTextColor (hdc=0x580108aa, color=0xf0f0f0) returned 0x0 [0258.702] SetBkColor (hdc=0x580108aa, color=0x80) returned 0xffffff [0258.702] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x5005c, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0258.703] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0258.715] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x14, wParam=0x20105b1, lParam=0x0) returned 0x1 [0258.715] SetTextColor (hdc=0x20105b1, color=0x0) returned 0x0 [0258.715] SetBkColor (hdc=0x20105b1, color=0xffffff) returned 0xffffff [0258.716] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x70062, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0258.716] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0xc0052, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0258.716] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0258.717] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x14, wParam=0x20105b1, lParam=0x0) returned 0x1 [0258.717] GetStockObject (i=5) returned 0x900015 [0258.717] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x1 [0258.717] SetTextColor (hdc=0x580108aa, color=0x0) returned 0x0 [0258.717] SetBkColor (hdc=0x580108aa, color=0xffffff) returned 0xffffff [0258.718] GetWindowPlacement (in: hWnd=0x40376, lpwndpl=0x15dbf8 | out: lpwndpl=0x15dbf8) returned 1 [0258.718] GetClientRect (in: hWnd=0x40376, lpRect=0x15db40 | out: lpRect=0x15db40) returned 1 [0258.718] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0258.718] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0258.718] GetSystemMetrics (nIndex=42) returned 0 [0258.718] GetWindowTextW (in: hWnd=0x40376, lpString=0x15d890, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0258.718] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15d890) returned 0xb [0258.719] GetClientRect (in: hWnd=0x40376, lpRect=0x15d908 | out: lpRect=0x15d908) returned 1 [0258.720] GetCurrentObject (hdc=0x49010962, type=0x1) returned 0xb00017 [0258.720] GetCurrentObject (hdc=0x49010962, type=0x2) returned 0x900010 [0258.720] GetCurrentObject (hdc=0x49010962, type=0x7) returned 0x2905093b [0258.720] GetCurrentObject (hdc=0x49010962, type=0x6) returned 0x58a00b4 [0258.721] SaveDC (hdc=0x49010962) returned 1 [0258.721] GetNearestColor (hdc=0x49010962, color=0x80) returned 0x80 [0258.721] CreateSolidBrush (color=0x80) returned 0x521008a6 [0258.721] FillRect (hDC=0x49010962, lprc=0x15d5f0, hbr=0x521008a6) returned 1 [0258.722] DeleteObject (ho=0x521008a6) returned 1 [0258.722] RestoreDC (hdc=0x49010962, nSavedDC=-1) returned 1 [0258.722] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0258.727] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0258.727] GetSystemMetrics (nIndex=42) returned 0 [0258.727] GetWindowTextW (in: hWnd=0x40376, lpString=0x15d800, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0258.728] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15d800) returned 0xb [0258.728] GetClientRect (in: hWnd=0x40376, lpRect=0x15d878 | out: lpRect=0x15d878) returned 1 [0258.728] GetCurrentObject (hdc=0x49010962, type=0x1) returned 0xb00017 [0258.728] GetCurrentObject (hdc=0x49010962, type=0x2) returned 0x900010 [0258.729] GetCurrentObject (hdc=0x49010962, type=0x7) returned 0x2905093b [0258.729] GetCurrentObject (hdc=0x49010962, type=0x6) returned 0x58a00b4 [0258.730] SaveDC (hdc=0x49010962) returned 1 [0258.730] GetNearestColor (hdc=0x49010962, color=0x80) returned 0x80 [0258.730] CreateSolidBrush (color=0x80) returned 0x531008a6 [0258.730] FillRect (hDC=0x49010962, lprc=0x15d560, hbr=0x531008a6) returned 1 [0258.731] DeleteObject (ho=0x531008a6) returned 1 [0258.731] RestoreDC (hdc=0x49010962, nSavedDC=-1) returned 1 [0258.731] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0258.731] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0258.731] GetSystemMetrics (nIndex=42) returned 0 [0258.731] GetWindowTextW (in: hWnd=0x40376, lpString=0x15d800, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0258.731] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15d800) returned 0xb [0258.732] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x14, wParam=0x20105b1, lParam=0x0) returned 0x1 [0258.733] GetWindowPlacement (in: hWnd=0x40376, lpwndpl=0x15e6d8 | out: lpwndpl=0x15e6d8) returned 1 [0258.733] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x47, wParam=0x0, lParam=0x15ebf0) returned 0x0 [0258.733] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x5, wParam=0x0, lParam=0x1b903bf) returned 0x0 [0258.733] GetClientRect (in: hWnd=0x40376, lpRect=0x15e5a0 | out: lpRect=0x15e5a0) returned 1 [0258.733] GetWindowRect (in: hWnd=0x40376, lpRect=0x15e5a0 | out: lpRect=0x15e5a0) returned 1 [0258.734] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0258.734] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0258.735] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0258.753] IsWindowUnicode (hWnd=0x40376) returned 1 [0258.764] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0258.781] TranslateMessage (lpMsg=0x15ee30) returned 0 [0258.782] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0258.786] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0 [0258.787] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0258.787] IsWindowUnicode (hWnd=0x30384) returned 1 [0258.787] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0258.787] TranslateMessage (lpMsg=0x15ee30) returned 0 [0258.787] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0258.787] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x30384, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0 [0258.787] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0258.788] IsWindowUnicode (hWnd=0x60044) returned 1 [0258.788] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0258.788] TranslateMessage (lpMsg=0x15ee30) returned 0 [0258.788] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0258.788] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0258.788] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0258.788] IsWindowUnicode (hWnd=0x40376) returned 1 [0258.788] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0258.789] TranslateMessage (lpMsg=0x15ee30) returned 0 [0258.789] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0258.795] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0258.795] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x84, wParam=0x0, lParam=0x24701a2) returned 0x1 [0258.796] IsWindowUnicode (hWnd=0xa0050) returned 1 [0258.796] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0258.796] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x84, wParam=0x0, lParam=0x24701a2) returned 0x1 [0258.798] LoadCursorW (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0258.799] SetCursor (hCursor=0x10003) returned 0x10007 [0258.824] TranslateMessage (lpMsg=0x15ee30) returned 0 [0258.824] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0258.847] _TrackMouseEvent (in: lpEventTrack=0x227ad40 | out: lpEventTrack=0x227ad40) returned 1 [0258.856] SendMessageW (hWnd=0xa0050, Msg=0xc1d7, wParam=0x0, lParam=0x0) returned 0x0 [0258.856] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0xc1d7, wParam=0x0, lParam=0x0) returned 0x0 [0258.857] InvalidateRect (hWnd=0xa0050, lpRect=0x0, bErase=0) returned 1 [0258.860] GetKeyState (nVirtKey=1) returned 0 [0258.860] GetKeyState (nVirtKey=2) returned 0 [0258.860] GetKeyState (nVirtKey=4) returned 0 [0258.860] GetKeyState (nVirtKey=5) returned 0 [0258.860] GetKeyState (nVirtKey=6) returned 0 [0258.860] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0258.861] IsWindowUnicode (hWnd=0x40376) returned 1 [0258.861] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0258.861] TranslateMessage (lpMsg=0x15ee30) returned 0 [0258.861] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0258.865] BeginPaint (in: hWnd=0x40376, lpPaint=0x15e4b8 | out: lpPaint=0x15e4b8) returned 0x20105b1 [0258.866] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0258.867] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0258.867] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0258.867] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0258.868] GetWindowPlacement (in: hWnd=0x40376, lpwndpl=0x15dee8 | out: lpwndpl=0x15dee8) returned 1 [0258.869] GetClientRect (in: hWnd=0x40376, lpRect=0x15de30 | out: lpRect=0x15de30) returned 1 [0258.869] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0258.869] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0258.869] GetSystemMetrics (nIndex=42) returned 0 [0258.869] GetWindowTextW (in: hWnd=0x40376, lpString=0x15db80, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0258.869] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15db80) returned 0xb [0258.870] GetClientRect (in: hWnd=0x40376, lpRect=0x15dbf8 | out: lpRect=0x15dbf8) returned 1 [0258.870] GetCurrentObject (hdc=0x20105b1, type=0x1) returned 0xb00017 [0258.870] GetCurrentObject (hdc=0x20105b1, type=0x2) returned 0x900010 [0258.870] GetCurrentObject (hdc=0x20105b1, type=0x7) returned 0x79050917 [0258.871] GetCurrentObject (hdc=0x20105b1, type=0x6) returned 0x58a00b4 [0258.872] SaveDC (hdc=0x20105b1) returned 1 [0258.872] GetNearestColor (hdc=0x20105b1, color=0x80) returned 0x80 [0258.873] CreateSolidBrush (color=0x80) returned 0x541008a6 [0258.873] FillRect (hDC=0x20105b1, lprc=0x15d8e0, hbr=0x541008a6) returned 1 [0258.881] DeleteObject (ho=0x541008a6) returned 1 [0258.882] RestoreDC (hdc=0x20105b1, nSavedDC=-1) returned 1 [0258.885] GdipCreateHalftonePalette () returned 0x5308094c [0258.886] SelectPalette (hdc=0x20105b1, hPal=0x5308094c, bForceBkgd=1) returned 0x88000b [0258.887] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0258.887] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0258.887] GetSystemMetrics (nIndex=42) returned 0 [0258.888] GetWindowTextW (in: hWnd=0x40376, lpString=0x15e340, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0258.888] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15e340) returned 0xb [0258.888] SelectPalette (hdc=0x20105b1, hPal=0x88000b, bForceBkgd=0) returned 0x5308094c [0258.889] EndPaint (hWnd=0x40376, lpPaint=0x15e458) returned 1 [0258.890] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0258.890] IsWindowUnicode (hWnd=0xf037a) returned 1 [0258.890] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0258.891] TranslateMessage (lpMsg=0x15ee30) returned 0 [0258.891] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0258.891] BeginPaint (in: hWnd=0xf037a, lpPaint=0x15e518 | out: lpPaint=0x15e518) returned 0x20105b1 [0258.891] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0xf037a, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0258.892] SelectPalette (hdc=0x20105b1, hPal=0x5308094c, bForceBkgd=1) returned 0x88000b [0258.903] CreateCompatibleDC (hdc=0x20105b1) returned 0x7e01094b [0258.903] GetObjectType (h=0x20105b1) returned 0x3 [0258.904] CreateCompatibleBitmap (hdc=0x20105b1, cx=1, cy=1) returned 0xffffffff9b0508ec [0258.905] GetDIBits (in: hdc=0x20105b1, hbm=0xffffffff9b0508ec, start=0x0, cLines=0x0, lpvBits=0x0, lpbmi=0x15de88, usage=0x0 | out: lpvBits=0x0, lpbmi=0x15de88) returned 1 [0258.906] GetDIBits (in: hdc=0x20105b1, hbm=0xffffffff9b0508ec, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0x15de88, usage=0x0 | out: lpvBits=0x0, lpbmi=0x15de88) returned 1 [0258.907] DeleteObject (ho=0xffffffff9b0508ec) returned 1 [0258.908] CreateDIBSection (in: hdc=0x20105b1, lpbmi=0x15df48, usage=0x0, ppvBits=0x15e500, hSection=0x0, offset=0x0 | out: ppvBits=0x15e500) returned 0xffffffffad0505b7 [0258.909] SelectObject (hdc=0x7e01094b, h=0xffffffffad0505b7) returned 0x85000f [0258.909] GdipCreateFromHDC (hdc=0x7e01094b, graphics=0x15e488) returned 0x0 [0258.918] GdipTranslateWorldTransform (graphics=0x1c578a40, dx=0x7ffa837b8354, dy=0x2adc743b6b29, order=0x0) returned 0x0 [0258.922] GdipSetClipRectI (graphics=0x1c578a40, x=0, y=0, width=128, height=149, combineMode=0x0) returned 0x0 [0258.977] GdipCreateMatrix (matrix=0x15e4c0) returned 0x0 [0258.977] GdipGetWorldTransform (graphics=0x1c578a40, matrix=0x1c572470) returned 0x0 [0258.980] GdipIsMatrixIdentity (matrix=0x1c572470, result=0x15e528) returned 0x0 [0258.982] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df74b60 [0258.983] GdipGetMatrixElements (matrix=0x1c572470, matrixOut=0x1df74b60) returned 0x0 [0258.984] LocalFree (hMem=0x1df74b60) returned 0x0 [0258.984] GdipDeleteMatrix (matrix=0x1c572470) returned 0x0 [0258.994] GdipCreateRegion (region=0x15e4c0) returned 0x0 [0258.995] GdipGetClip (graphics=0x1c578a40, region=0x1c578e20) returned 0x0 [0259.001] GdipIsInfiniteRegion (region=0x1c578e20, graphics=0x1c578a40, result=0x15e520) returned 0x0 [0259.002] GdipSaveGraphics (graphics=0x1c578a40, state=0x15e5c0) returned 0x0 [0259.038] GetWindowTextLengthW (hWnd=0xf037a) returned 0 [0259.038] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0xf037a, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0259.038] GetSystemMetrics (nIndex=42) returned 0 [0259.038] GetWindowTextW (in: hWnd=0xf037a, lpString=0x15e3b0, nMaxCount=1 | out: lpString="") returned 0 [0259.039] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0xf037a, Msg=0xd, wParam=0x1, lParam=0x15e3b0) returned 0x0 [0259.039] GetClientRect (in: hWnd=0xf037a, lpRect=0x15e558 | out: lpRect=0x15e558) returned 1 [0259.043] GdipCreateRegion (region=0x15e140) returned 0x0 [0259.043] GdipGetClip (graphics=0x1c578a40, region=0x1c579200) returned 0x0 [0259.043] GdipCreateMatrix (matrix=0x15e140) returned 0x0 [0259.043] GdipGetWorldTransform (graphics=0x1c578a40, matrix=0x1c5792c0) returned 0x0 [0259.045] GdipIsMatrixIdentity (matrix=0x1c5792c0, result=0x15e1a8) returned 0x0 [0259.045] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df75120 [0259.045] GdipGetMatrixElements (matrix=0x1c5792c0, matrixOut=0x1df75120) returned 0x0 [0259.046] LocalFree (hMem=0x1df75120) returned 0x0 [0259.049] GdipCombineRegionRegion (region=0x1c579200, region2=0x1c578e20, combineMode=0x1) returned 0x0 [0259.050] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df74ae0 [0259.050] GdipGetMatrixElements (matrix=0x1c5792c0, matrixOut=0x1df74ae0) returned 0x0 [0259.050] LocalFree (hMem=0x1df74ae0) returned 0x0 [0259.052] GdipDeleteMatrix (matrix=0x1c5792c0) returned 0x0 [0259.052] GdipIsInfiniteRegion (region=0x1c579200, graphics=0x1c578a40, result=0x15e200) returned 0x0 [0259.052] GdipIsInfiniteRegion (region=0x1c579200, graphics=0x1c578a40, result=0x15e1c0) returned 0x0 [0259.056] GdipGetRegionHRgn (region=0x1c579200, graphics=0x1c578a40, hRgn=0x15e1c0) returned 0x0 [0259.061] GdipDeleteRegion (region=0x1c579200) returned 0x0 [0259.062] GdipGetDC (graphics=0x1c578a40, hdc=0x15e208) returned 0x0 [0259.063] GetCurrentObject (hdc=0x7e01094b, type=0x1) returned 0xb00017 [0259.063] GetCurrentObject (hdc=0x7e01094b, type=0x2) returned 0x900010 [0259.063] GetCurrentObject (hdc=0x7e01094b, type=0x7) returned 0xffffffffad0505b7 [0259.063] GetCurrentObject (hdc=0x7e01094b, type=0x6) returned 0x58a00b4 [0259.064] SaveDC (hdc=0x7e01094b) returned 1 [0259.076] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x530408db [0259.077] GetClipRgn (hdc=0x7e01094b, hrgn=0x530408db) returned 0 [0259.077] SelectClipRgn (hdc=0x7e01094b, hrgn=0x8204091d) returned 2 [0259.080] DeleteObject (ho=0x530408db) returned 1 [0259.080] DeleteObject (ho=0x8204091d) returned 1 [0259.133] OffsetViewportOrgEx (in: hdc=0x7e01094b, x=0, y=0, lppt=0x227cd48 | out: lppt=0x227cd48) returned 1 [0259.134] GetNearestColor (hdc=0x7e01094b, color=0x80) returned 0x80 [0259.134] CreateSolidBrush (color=0x80) returned 0x551008a6 [0259.134] FillRect (hDC=0x7e01094b, lprc=0x15e240, hbr=0x551008a6) returned 1 [0259.137] DeleteObject (ho=0x551008a6) returned 1 [0259.137] RestoreDC (hdc=0x7e01094b, nSavedDC=-1) returned 1 [0259.141] GdipReleaseDC (graphics=0x1c578a40, hdc=0x7e01094b) returned 0x0 [0259.144] GdipRestoreGraphics (graphics=0x1c578a40, state=0xfffffffffdb00dbd) returned 0x0 [0259.148] GdipDeleteRegion (region=0x1c578e20) returned 0x0 [0259.149] GetWindowTextLengthW (hWnd=0xf037a) returned 0 [0259.149] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0xf037a, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0259.149] GetSystemMetrics (nIndex=42) returned 0 [0259.149] GetWindowTextW (in: hWnd=0xf037a, lpString=0x15e3b0, nMaxCount=1 | out: lpString="") returned 0 [0259.149] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0xf037a, Msg=0xd, wParam=0x1, lParam=0x15e3b0) returned 0x0 [0259.153] GdipGetImageWidth (image=0x1c577b70, width=0x15e3a8) returned 0x0 [0259.153] GdipGetImageHeight (image=0x1c577b70, height=0x15e3a8) returned 0x0 [0259.156] GdipDrawImageRectI (graphics=0x1c578a40, image=0x1c577b70, x=0, y=0, width=128, height=128) returned 0x0 [0259.167] GdipGetDC (graphics=0x1c578a40, hdc=0x15e4d8) returned 0x0 [0259.169] BitBlt (hdc=0x20105b1, x=0, y=0, cx=128, cy=149, hdcSrc=0x7e01094b, x1=0, y1=0, rop=0xcc0020) returned 1 [0259.172] GdipReleaseDC (graphics=0x1c578a40, hdc=0x7e01094b) returned 0x0 [0259.172] SelectPalette (hdc=0x20105b1, hPal=0x88000b, bForceBkgd=0) returned 0x5308094c [0259.173] SelectObject (hdc=0x7e01094b, h=0x85000f) returned 0xffffffffad0505b7 [0259.173] DeleteDC (hdc=0x7e01094b) returned 1 [0259.173] GdipDeleteGraphics (graphics=0x1c578a40) returned 0x0 [0259.173] EndPaint (hWnd=0xf037a, lpPaint=0x15e4b8) returned 1 [0259.174] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0259.174] IsWindowUnicode (hWnd=0x90252) returned 1 [0259.174] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0259.174] TranslateMessage (lpMsg=0x15ee30) returned 0 [0259.174] DispatchMessageW (lpMsg=0x15ee30) returned 0x1 [0259.174] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x90252, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0259.175] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x90252, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x1 [0259.175] SetTextColor (hdc=0x580108aa, color=0xf0f0f0) returned 0x0 [0259.175] SetBkColor (hdc=0x580108aa, color=0x80) returned 0xffffff [0259.176] GetWindowPlacement (in: hWnd=0x40376, lpwndpl=0x15d218 | out: lpwndpl=0x15d218) returned 1 [0259.176] GetClientRect (in: hWnd=0x40376, lpRect=0x15d160 | out: lpRect=0x15d160) returned 1 [0259.176] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0259.176] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0259.176] GetSystemMetrics (nIndex=42) returned 0 [0259.176] GetWindowTextW (in: hWnd=0x40376, lpString=0x15ceb0, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0259.176] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15ceb0) returned 0xb [0259.177] GetClientRect (in: hWnd=0x40376, lpRect=0x15cf28 | out: lpRect=0x15cf28) returned 1 [0259.177] GetCurrentObject (hdc=0x4a010962, type=0x1) returned 0xb00017 [0259.177] GetCurrentObject (hdc=0x4a010962, type=0x2) returned 0x900010 [0259.178] GetCurrentObject (hdc=0x4a010962, type=0x7) returned 0x2905093b [0259.178] GetCurrentObject (hdc=0x4a010962, type=0x6) returned 0x58a00b4 [0259.179] SaveDC (hdc=0x4a010962) returned 1 [0259.179] GetNearestColor (hdc=0x4a010962, color=0x80) returned 0x80 [0259.180] CreateSolidBrush (color=0x80) returned 0x561008a6 [0259.180] FillRect (hDC=0x4a010962, lprc=0x15cc10, hbr=0x561008a6) returned 1 [0259.180] DeleteObject (ho=0x561008a6) returned 1 [0259.180] RestoreDC (hdc=0x4a010962, nSavedDC=-1) returned 1 [0259.180] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0259.181] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0259.181] GetSystemMetrics (nIndex=42) returned 0 [0259.181] GetWindowTextW (in: hWnd=0x40376, lpString=0x15ce20, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0259.181] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15ce20) returned 0xb [0259.181] GetClientRect (in: hWnd=0x40376, lpRect=0x15ce98 | out: lpRect=0x15ce98) returned 1 [0259.182] GetCurrentObject (hdc=0x4a010962, type=0x1) returned 0xb00017 [0259.182] GetCurrentObject (hdc=0x4a010962, type=0x2) returned 0x900010 [0259.182] GetCurrentObject (hdc=0x4a010962, type=0x7) returned 0x2905093b [0259.182] GetCurrentObject (hdc=0x4a010962, type=0x6) returned 0x58a00b4 [0259.183] SaveDC (hdc=0x4a010962) returned 1 [0259.184] GetNearestColor (hdc=0x4a010962, color=0x80) returned 0x80 [0259.184] CreateSolidBrush (color=0x80) returned 0x571008a6 [0259.184] FillRect (hDC=0x4a010962, lprc=0x15cb80, hbr=0x571008a6) returned 1 [0259.185] DeleteObject (ho=0x571008a6) returned 1 [0259.185] RestoreDC (hdc=0x4a010962, nSavedDC=-1) returned 1 [0259.185] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0259.185] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0259.185] GetSystemMetrics (nIndex=42) returned 0 [0259.185] GetWindowTextW (in: hWnd=0x40376, lpString=0x15ce20, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0259.185] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15ce20) returned 0xb [0259.188] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x90252, Msg=0x14, wParam=0x20105b1, lParam=0x0) returned 0x1 [0259.188] SetTextColor (hdc=0x20105b1, color=0xf0f0f0) returned 0x0 [0259.188] SetBkColor (hdc=0x20105b1, color=0x80) returned 0xffffff [0259.190] SetTextColor (hdc=0x20105b1, color=0xf0f0f0) returned 0xf0f0f0 [0259.190] SetBkColor (hdc=0x20105b1, color=0x80) returned 0x80 [0259.190] SetTextColor (hdc=0x20105b1, color=0xf0f0f0) returned 0xf0f0f0 [0259.190] SetBkColor (hdc=0x20105b1, color=0x80) returned 0x80 [0259.209] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0259.209] IsWindowUnicode (hWnd=0x5005c) returned 1 [0259.209] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0259.209] TranslateMessage (lpMsg=0x15ee30) returned 0 [0259.209] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0259.209] BeginPaint (in: hWnd=0x5005c, lpPaint=0x15e498 | out: lpPaint=0x15e498) returned 0xffffffffb2010715 [0259.210] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x5005c, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0259.210] SelectPalette (hdc=0xffffffffb2010715, hPal=0x5308094c, bForceBkgd=1) returned 0x88000b [0259.211] CreateCompatibleDC (hdc=0xffffffffb2010715) returned 0xffffffffa20108ad [0259.211] SelectObject (hdc=0xffffffffa20108ad, h=0xffffffffad0505b7) returned 0x85000f [0259.211] GdipCreateFromHDC (hdc=0xffffffffa20108ad, graphics=0x15e408) returned 0x0 [0259.211] GdipTranslateWorldTransform (graphics=0x1c578a40, dx=0x7ffa837b8354, dy=0x2adc743b6b29, order=0x0) returned 0x0 [0259.212] GdipSetClipRectI (graphics=0x1c578a40, x=0, y=0, width=83, height=13, combineMode=0x0) returned 0x0 [0259.213] GdipCreateMatrix (matrix=0x15e440) returned 0x0 [0259.213] GdipGetWorldTransform (graphics=0x1c578a40, matrix=0x1c572470) returned 0x0 [0259.213] GdipIsMatrixIdentity (matrix=0x1c572470, result=0x15e4a8) returned 0x0 [0259.213] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df757a0 [0259.213] GdipGetMatrixElements (matrix=0x1c572470, matrixOut=0x1df757a0) returned 0x0 [0259.214] LocalFree (hMem=0x1df757a0) returned 0x0 [0259.214] GdipDeleteMatrix (matrix=0x1c572470) returned 0x0 [0259.214] GdipCreateRegion (region=0x15e440) returned 0x0 [0259.215] GdipGetClip (graphics=0x1c578a40, region=0x1c578e20) returned 0x0 [0259.215] GdipIsInfiniteRegion (region=0x1c578e20, graphics=0x1c578a40, result=0x15e4a0) returned 0x0 [0259.215] GdipSaveGraphics (graphics=0x1c578a40, state=0x15e540) returned 0x0 [0259.215] GetWindowTextLengthW (hWnd=0x5005c) returned 15 [0259.215] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x5005c, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xf [0259.215] GetSystemMetrics (nIndex=42) returned 0 [0259.215] GetWindowTextW (in: hWnd=0x5005c, lpString=0x15e310, nMaxCount=16 | out: lpString="Enter password:") returned 15 [0259.215] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x5005c, Msg=0xd, wParam=0x10, lParam=0x15e310) returned 0xf [0259.216] GetClientRect (in: hWnd=0x5005c, lpRect=0x15e4d8 | out: lpRect=0x15e4d8) returned 1 [0259.217] GdipCreateRegion (region=0x15e0c0) returned 0x0 [0259.217] GdipGetClip (graphics=0x1c578a40, region=0x1c579200) returned 0x0 [0259.217] GdipCreateMatrix (matrix=0x15e0c0) returned 0x0 [0259.217] GdipGetWorldTransform (graphics=0x1c578a40, matrix=0x1c5792c0) returned 0x0 [0259.217] GdipIsMatrixIdentity (matrix=0x1c5792c0, result=0x15e128) returned 0x0 [0259.218] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df75620 [0259.218] GdipGetMatrixElements (matrix=0x1c5792c0, matrixOut=0x1df75620) returned 0x0 [0259.218] LocalFree (hMem=0x1df75620) returned 0x0 [0259.219] GdipCombineRegionRegion (region=0x1c579200, region2=0x1c578e20, combineMode=0x1) returned 0x0 [0259.219] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df753a0 [0259.219] GdipGetMatrixElements (matrix=0x1c5792c0, matrixOut=0x1df753a0) returned 0x0 [0259.219] LocalFree (hMem=0x1df753a0) returned 0x0 [0259.219] GdipDeleteMatrix (matrix=0x1c5792c0) returned 0x0 [0259.220] GdipIsInfiniteRegion (region=0x1c579200, graphics=0x1c578a40, result=0x15e180) returned 0x0 [0259.220] GdipIsInfiniteRegion (region=0x1c579200, graphics=0x1c578a40, result=0x15e140) returned 0x0 [0259.220] GdipGetRegionHRgn (region=0x1c579200, graphics=0x1c578a40, hRgn=0x15e140) returned 0x0 [0259.220] GdipDeleteRegion (region=0x1c579200) returned 0x0 [0259.220] GdipGetDC (graphics=0x1c578a40, hdc=0x15e188) returned 0x0 [0259.221] GetCurrentObject (hdc=0xffffffffa20108ad, type=0x1) returned 0xb00017 [0259.221] GetCurrentObject (hdc=0xffffffffa20108ad, type=0x2) returned 0x900010 [0259.221] GetCurrentObject (hdc=0xffffffffa20108ad, type=0x7) returned 0xffffffffad0505b7 [0259.221] GetCurrentObject (hdc=0xffffffffa20108ad, type=0x6) returned 0x58a00b4 [0259.276] SaveDC (hdc=0xffffffffa20108ad) returned 1 [0259.277] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x8404091d [0259.277] GetClipRgn (hdc=0xffffffffa20108ad, hrgn=0x8404091d) returned 0 [0259.277] SelectClipRgn (hdc=0xffffffffa20108ad, hrgn=0x560408db) returned 2 [0259.278] DeleteObject (ho=0x8404091d) returned 1 [0259.278] DeleteObject (ho=0x560408db) returned 1 [0259.278] OffsetViewportOrgEx (in: hdc=0xffffffffa20108ad, x=0, y=0, lppt=0x22b6d28 | out: lppt=0x22b6d28) returned 1 [0259.278] GetNearestColor (hdc=0xffffffffa20108ad, color=0x80) returned 0x80 [0259.278] CreateSolidBrush (color=0x80) returned 0x581008a6 [0259.279] FillRect (hDC=0xffffffffa20108ad, lprc=0x15e1c0, hbr=0x581008a6) returned 1 [0259.279] DeleteObject (ho=0x581008a6) returned 1 [0259.279] RestoreDC (hdc=0xffffffffa20108ad, nSavedDC=-1) returned 1 [0259.279] GdipReleaseDC (graphics=0x1c578a40, hdc=0xffffffffa20108ad) returned 0x0 [0259.279] GdipRestoreGraphics (graphics=0x1c578a40, state=0xfffffffffdae0dbd) returned 0x0 [0259.279] GdipDeleteRegion (region=0x1c578e20) returned 0x0 [0259.280] GetWindowTextLengthW (hWnd=0x5005c) returned 15 [0259.280] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x5005c, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xf [0259.280] GetSystemMetrics (nIndex=42) returned 0 [0259.280] GetWindowTextW (in: hWnd=0x5005c, lpString=0x15e310, nMaxCount=16 | out: lpString="Enter password:") returned 15 [0259.280] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x5005c, Msg=0xd, wParam=0x10, lParam=0x15e310) returned 0xf [0259.280] GdipGetDC (graphics=0x1c578a40, hdc=0x15e328) returned 0x0 [0259.281] GetCurrentObject (hdc=0xffffffffa20108ad, type=0x1) returned 0xb00017 [0259.281] GetCurrentObject (hdc=0xffffffffa20108ad, type=0x2) returned 0x900010 [0259.281] GetCurrentObject (hdc=0xffffffffa20108ad, type=0x7) returned 0xffffffffad0505b7 [0259.281] GetCurrentObject (hdc=0xffffffffa20108ad, type=0x6) returned 0x58a00b4 [0259.282] SaveDC (hdc=0xffffffffa20108ad) returned 1 [0259.283] GetNearestColor (hdc=0xffffffffa20108ad, color=0xf0f0f0) returned 0xf0f0f0 [0259.283] RestoreDC (hdc=0xffffffffa20108ad, nSavedDC=-1) returned 1 [0259.283] GdipReleaseDC (graphics=0x1c578a40, hdc=0xffffffffa20108ad) returned 0x0 [0259.283] AdjustWindowRectEx (in: lpRect=0x15e1e0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e1e0) returned 1 [0259.288] GdipGetTextRenderingHint (graphics=0x1c578a40, mode=0x15e238) returned 0x0 [0259.289] GdipGetDC (graphics=0x1c578a40, hdc=0x15e228) returned 0x0 [0259.289] GetCurrentObject (hdc=0xffffffffa20108ad, type=0x1) returned 0xb00017 [0259.290] GetCurrentObject (hdc=0xffffffffa20108ad, type=0x2) returned 0x900010 [0259.290] GetCurrentObject (hdc=0xffffffffa20108ad, type=0x7) returned 0xffffffffad0505b7 [0259.290] GetCurrentObject (hdc=0xffffffffa20108ad, type=0x6) returned 0x58a00b4 [0259.291] SaveDC (hdc=0xffffffffa20108ad) returned 1 [0259.301] GetTextAlign (hdc=0xffffffffa20108ad) returned 0x0 [0259.307] GetTextColor (hdc=0xffffffffa20108ad) returned 0x0 [0259.312] SetTextColor (hdc=0xffffffffa20108ad, color=0xf0f0f0) returned 0x0 [0259.312] GetCurrentObject (hdc=0xffffffffa20108ad, type=0x6) returned 0x58a00b4 [0259.312] GetObjectW (in: h=0x58a00b4, c=92, pv=0x15dd20 | out: pv=0x15dd20) returned 92 [0259.313] SelectObject (hdc=0xffffffffa20108ad, h=0x3b0a05b0) returned 0x58a00b4 [0259.370] GetBkMode (hdc=0xffffffffa20108ad) returned 2 [0259.373] SetBkMode (hdc=0xffffffffa20108ad, mode=1) returned 2 [0259.373] DrawTextExW (in: hdc=0xffffffffa20108ad, lpchText="Enter password:", cchText=15, lprc=0x15e1a8, format=0x100000, lpdtp=0x22bf2a0 | out: lpchText="Enter password:", lprc=0x15e1a8) returned 13 [0259.380] RestoreDC (hdc=0xffffffffa20108ad, nSavedDC=-1) returned 1 [0259.381] GdipReleaseDC (graphics=0x1c578a40, hdc=0xffffffffa20108ad) returned 0x0 [0259.381] GdipGetDC (graphics=0x1c578a40, hdc=0x15e458) returned 0x0 [0259.381] BitBlt (hdc=0xffffffffb2010715, x=0, y=0, cx=83, cy=13, hdcSrc=0xffffffffa20108ad, x1=0, y1=0, rop=0xcc0020) returned 1 [0259.382] GdipReleaseDC (graphics=0x1c578a40, hdc=0xffffffffa20108ad) returned 0x0 [0259.382] SelectPalette (hdc=0xffffffffb2010715, hPal=0x88000b, bForceBkgd=0) returned 0x5308094c [0259.382] SelectObject (hdc=0xffffffffa20108ad, h=0x85000f) returned 0xffffffffad0505b7 [0259.382] DeleteDC (hdc=0xffffffffa20108ad) returned 1 [0259.382] GdipDeleteGraphics (graphics=0x1c578a40) returned 0x0 [0259.382] EndPaint (hWnd=0x5005c, lpPaint=0x15e438) returned 1 [0259.383] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0259.383] IsWindowUnicode (hWnd=0x60044) returned 1 [0259.383] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0259.383] TranslateMessage (lpMsg=0x15ee30) returned 0 [0259.383] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0259.384] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x0 [0259.384] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0259.388] CallWindowProcW (lpPrevWndFunc=0x7ffa9099e8e0, hWnd=0x60044, Msg=0x14, wParam=0xffffffffb2010715, lParam=0x0) returned 0x1 [0259.388] SetTextColor (hdc=0xffffffffb2010715, color=0x0) returned 0x0 [0259.388] SetBkColor (hdc=0xffffffffb2010715, color=0xffffff) returned 0xffffff [0259.389] SetTextColor (hdc=0xffffffffb2010715, color=0x0) returned 0x0 [0259.389] SetBkColor (hdc=0xffffffffb2010715, color=0xffffff) returned 0xffffff [0259.481] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0259.481] IsWindowUnicode (hWnd=0x70062) returned 1 [0259.481] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0259.481] TranslateMessage (lpMsg=0x15ee30) returned 0 [0259.481] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0259.481] BeginPaint (in: hWnd=0x70062, lpPaint=0x15e498 | out: lpPaint=0x15e498) returned 0x580108aa [0259.482] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x70062, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0259.482] SelectPalette (hdc=0x580108aa, hPal=0x5308094c, bForceBkgd=1) returned 0x88000b [0259.482] CreateCompatibleDC (hdc=0x580108aa) returned 0x3f010930 [0259.483] DeleteObject (ho=0xffffffffad0505b7) returned 1 [0259.484] GetObjectType (h=0x580108aa) returned 0x3 [0259.484] CreateCompatibleBitmap (hdc=0x580108aa, cx=1, cy=1) returned 0xffffffff9d0508ec [0259.485] GetDIBits (in: hdc=0x580108aa, hbm=0xffffffff9d0508ec, start=0x0, cLines=0x0, lpvBits=0x0, lpbmi=0x15de08, usage=0x0 | out: lpvBits=0x0, lpbmi=0x15de08) returned 1 [0259.486] GetDIBits (in: hdc=0x580108aa, hbm=0xffffffff9d0508ec, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0x15de08, usage=0x0 | out: lpvBits=0x0, lpbmi=0x15de08) returned 1 [0259.486] DeleteObject (ho=0xffffffff9d0508ec) returned 1 [0259.486] CreateDIBSection (in: hdc=0x580108aa, lpbmi=0x15dec8, usage=0x0, ppvBits=0x15e480, hSection=0x0, offset=0x0 | out: ppvBits=0x15e480) returned 0xffffffffae0505b7 [0259.487] SelectObject (hdc=0x3f010930, h=0xffffffffae0505b7) returned 0x85000f [0259.487] GdipCreateFromHDC (hdc=0x3f010930, graphics=0x15e408) returned 0x0 [0259.496] GdipTranslateWorldTransform (graphics=0x1c578a40, dx=0x7ffa837b8354, dy=0x2adc743b6b29, order=0x0) returned 0x0 [0259.497] GdipSetClipRectI (graphics=0x1c578a40, x=0, y=0, width=179, height=13, combineMode=0x0) returned 0x0 [0259.498] GdipCreateMatrix (matrix=0x15e440) returned 0x0 [0259.498] GdipGetWorldTransform (graphics=0x1c578a40, matrix=0x1c572470) returned 0x0 [0259.498] GdipIsMatrixIdentity (matrix=0x1c572470, result=0x15e4a8) returned 0x0 [0259.498] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df74d20 [0259.498] GdipGetMatrixElements (matrix=0x1c572470, matrixOut=0x1df74d20) returned 0x0 [0259.499] LocalFree (hMem=0x1df74d20) returned 0x0 [0259.499] GdipDeleteMatrix (matrix=0x1c572470) returned 0x0 [0259.499] GdipCreateRegion (region=0x15e440) returned 0x0 [0259.499] GdipGetClip (graphics=0x1c578a40, region=0x1c578e20) returned 0x0 [0259.499] GdipIsInfiniteRegion (region=0x1c578e20, graphics=0x1c578a40, result=0x15e4a0) returned 0x0 [0259.500] GdipSaveGraphics (graphics=0x1c578a40, state=0x15e540) returned 0x0 [0259.500] GetWindowTextLengthW (hWnd=0x70062) returned 29 [0259.500] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x70062, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1d [0259.500] GetSystemMetrics (nIndex=42) returned 0 [0259.500] GetWindowTextW (in: hWnd=0x70062, lpString=0x15e300, nMaxCount=30 | out: lpString="319 files have been encrypted") returned 29 [0259.500] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x70062, Msg=0xd, wParam=0x1e, lParam=0x15e300) returned 0x1d [0259.501] GetClientRect (in: hWnd=0x70062, lpRect=0x15e4d8 | out: lpRect=0x15e4d8) returned 1 [0259.501] GdipCreateRegion (region=0x15e0c0) returned 0x0 [0259.501] GdipGetClip (graphics=0x1c578a40, region=0x1c579200) returned 0x0 [0259.502] GdipCreateMatrix (matrix=0x15e0c0) returned 0x0 [0259.502] GdipGetWorldTransform (graphics=0x1c578a40, matrix=0x1c5792c0) returned 0x0 [0259.502] GdipIsMatrixIdentity (matrix=0x1c5792c0, result=0x15e128) returned 0x0 [0259.502] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df74b60 [0259.502] GdipGetMatrixElements (matrix=0x1c5792c0, matrixOut=0x1df74b60) returned 0x0 [0259.503] LocalFree (hMem=0x1df74b60) returned 0x0 [0259.503] GdipCombineRegionRegion (region=0x1c579200, region2=0x1c578e20, combineMode=0x1) returned 0x0 [0259.503] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df74fa0 [0259.503] GdipGetMatrixElements (matrix=0x1c5792c0, matrixOut=0x1df74fa0) returned 0x0 [0259.504] LocalFree (hMem=0x1df74fa0) returned 0x0 [0259.513] GdipDeleteMatrix (matrix=0x1c5792c0) returned 0x0 [0259.513] GdipIsInfiniteRegion (region=0x1c579200, graphics=0x1c578a40, result=0x15e180) returned 0x0 [0259.513] GdipIsInfiniteRegion (region=0x1c579200, graphics=0x1c578a40, result=0x15e140) returned 0x0 [0259.513] GdipGetRegionHRgn (region=0x1c579200, graphics=0x1c578a40, hRgn=0x15e140) returned 0x0 [0259.514] GdipDeleteRegion (region=0x1c579200) returned 0x0 [0259.514] GdipGetDC (graphics=0x1c578a40, hdc=0x15e188) returned 0x0 [0259.515] GetCurrentObject (hdc=0x3f010930, type=0x1) returned 0xb00017 [0259.515] GetCurrentObject (hdc=0x3f010930, type=0x2) returned 0x900010 [0259.515] GetCurrentObject (hdc=0x3f010930, type=0x7) returned 0xffffffffae0505b7 [0259.515] GetCurrentObject (hdc=0x3f010930, type=0x6) returned 0x58a00b4 [0259.516] SaveDC (hdc=0x3f010930) returned 1 [0259.517] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x570408db [0259.517] GetClipRgn (hdc=0x3f010930, hrgn=0x570408db) returned 0 [0259.517] SelectClipRgn (hdc=0x3f010930, hrgn=0x8704091d) returned 2 [0259.517] DeleteObject (ho=0x570408db) returned 1 [0259.518] DeleteObject (ho=0x8704091d) returned 1 [0259.518] OffsetViewportOrgEx (in: hdc=0x3f010930, x=0, y=0, lppt=0x22c0cb8 | out: lppt=0x22c0cb8) returned 1 [0259.518] GetNearestColor (hdc=0x3f010930, color=0x80) returned 0x80 [0259.518] CreateSolidBrush (color=0x80) returned 0x741008a6 [0259.519] FillRect (hDC=0x3f010930, lprc=0x15e1c0, hbr=0x741008a6) returned 1 [0259.520] DeleteObject (ho=0x741008a6) returned 1 [0259.520] RestoreDC (hdc=0x3f010930, nSavedDC=-1) returned 1 [0259.520] GdipReleaseDC (graphics=0x1c578a40, hdc=0x3f010930) returned 0x0 [0259.521] GdipRestoreGraphics (graphics=0x1c578a40, state=0xfffffffffdac0dbd) returned 0x0 [0259.521] GdipDeleteRegion (region=0x1c578e20) returned 0x0 [0259.521] GetWindowTextLengthW (hWnd=0x70062) returned 29 [0259.521] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x70062, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1d [0259.521] GetSystemMetrics (nIndex=42) returned 0 [0259.521] GetWindowTextW (in: hWnd=0x70062, lpString=0x15e300, nMaxCount=30 | out: lpString="319 files have been encrypted") returned 29 [0259.521] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0x70062, Msg=0xd, wParam=0x1e, lParam=0x15e300) returned 0x1d [0259.522] GdipGetDC (graphics=0x1c578a40, hdc=0x15e328) returned 0x0 [0259.522] GetCurrentObject (hdc=0x3f010930, type=0x1) returned 0xb00017 [0259.522] GetCurrentObject (hdc=0x3f010930, type=0x2) returned 0x900010 [0259.522] GetCurrentObject (hdc=0x3f010930, type=0x7) returned 0xffffffffae0505b7 [0259.522] GetCurrentObject (hdc=0x3f010930, type=0x6) returned 0x58a00b4 [0259.524] SaveDC (hdc=0x3f010930) returned 1 [0259.524] GetNearestColor (hdc=0x3f010930, color=0xf0f0f0) returned 0xf0f0f0 [0259.524] RestoreDC (hdc=0x3f010930, nSavedDC=-1) returned 1 [0259.524] GdipReleaseDC (graphics=0x1c578a40, hdc=0x3f010930) returned 0x0 [0259.524] AdjustWindowRectEx (in: lpRect=0x15e1e0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e1e0) returned 1 [0259.525] GdipGetTextRenderingHint (graphics=0x1c578a40, mode=0x15e238) returned 0x0 [0259.525] GdipGetDC (graphics=0x1c578a40, hdc=0x15e228) returned 0x0 [0259.526] GetCurrentObject (hdc=0x3f010930, type=0x1) returned 0xb00017 [0259.526] GetCurrentObject (hdc=0x3f010930, type=0x2) returned 0x900010 [0259.526] GetCurrentObject (hdc=0x3f010930, type=0x7) returned 0xffffffffae0505b7 [0259.526] GetCurrentObject (hdc=0x3f010930, type=0x6) returned 0x58a00b4 [0259.527] SaveDC (hdc=0x3f010930) returned 1 [0259.528] GetTextAlign (hdc=0x3f010930) returned 0x0 [0259.528] GetTextColor (hdc=0x3f010930) returned 0x0 [0259.528] SetTextColor (hdc=0x3f010930, color=0xf0f0f0) returned 0x0 [0259.528] GetCurrentObject (hdc=0x3f010930, type=0x6) returned 0x58a00b4 [0259.528] GetObjectW (in: h=0x58a00b4, c=92, pv=0x15dd20 | out: pv=0x15dd20) returned 92 [0259.529] SelectObject (hdc=0x3f010930, h=0x650a05af) returned 0x58a00b4 [0259.529] GetBkMode (hdc=0x3f010930) returned 2 [0259.529] SetBkMode (hdc=0x3f010930, mode=1) returned 2 [0259.529] DrawTextExW (in: hdc=0x3f010930, lpchText="319 files have been encrypted", cchText=29, lprc=0x15e1a8, format=0x100000, lpdtp=0x22c1428 | out: lpchText="319 files have been encrypted", lprc=0x15e1a8) returned 13 [0259.545] RestoreDC (hdc=0x3f010930, nSavedDC=-1) returned 1 [0259.546] GdipReleaseDC (graphics=0x1c578a40, hdc=0x3f010930) returned 0x0 [0259.546] GdipGetDC (graphics=0x1c578a40, hdc=0x15e458) returned 0x0 [0259.546] BitBlt (hdc=0x580108aa, x=0, y=0, cx=179, cy=13, hdcSrc=0x3f010930, x1=0, y1=0, rop=0xcc0020) returned 1 [0259.546] GdipReleaseDC (graphics=0x1c578a40, hdc=0x3f010930) returned 0x0 [0259.546] SelectPalette (hdc=0x580108aa, hPal=0x88000b, bForceBkgd=0) returned 0x5308094c [0259.547] SelectObject (hdc=0x3f010930, h=0x85000f) returned 0xffffffffae0505b7 [0259.547] DeleteDC (hdc=0x3f010930) returned 1 [0259.547] GdipDeleteGraphics (graphics=0x1c578a40) returned 0x0 [0259.547] EndPaint (hWnd=0x70062, lpPaint=0x15e438) returned 1 [0259.547] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0259.548] IsWindowUnicode (hWnd=0xc0052) returned 1 [0259.548] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0259.548] TranslateMessage (lpMsg=0x15ee30) returned 0 [0259.548] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0259.548] BeginPaint (in: hWnd=0xc0052, lpPaint=0x15e498 | out: lpPaint=0x15e498) returned 0x20105b1 [0259.548] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0xc0052, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0259.549] SelectPalette (hdc=0x20105b1, hPal=0x5308094c, bForceBkgd=1) returned 0x88000b [0259.549] CreateCompatibleDC (hdc=0x20105b1) returned 0x42010930 [0259.549] DeleteObject (ho=0xffffffffae0505b7) returned 1 [0259.550] GetObjectType (h=0x20105b1) returned 0x3 [0259.550] CreateCompatibleBitmap (hdc=0x20105b1, cx=1, cy=1) returned 0xffffffff9f0508ec [0259.553] GetDIBits (in: hdc=0x20105b1, hbm=0xffffffff9f0508ec, start=0x0, cLines=0x0, lpvBits=0x0, lpbmi=0x15de08, usage=0x0 | out: lpvBits=0x0, lpbmi=0x15de08) returned 1 [0259.554] GetDIBits (in: hdc=0x20105b1, hbm=0xffffffff9f0508ec, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0x15de08, usage=0x0 | out: lpvBits=0x0, lpbmi=0x15de08) returned 1 [0259.554] DeleteObject (ho=0xffffffff9f0508ec) returned 1 [0259.555] CreateDIBSection (in: hdc=0x20105b1, lpbmi=0x15dec8, usage=0x0, ppvBits=0x15e480, hSection=0x0, offset=0x0 | out: ppvBits=0x15e480) returned 0xffffffffaf0505b7 [0259.555] SelectObject (hdc=0x42010930, h=0xffffffffaf0505b7) returned 0x85000f [0259.555] GdipCreateFromHDC (hdc=0x42010930, graphics=0x15e408) returned 0x0 [0259.556] GdipTranslateWorldTransform (graphics=0x1c578a40, dx=0x7ffa837b8354, dy=0x2adc743b6b29, order=0x0) returned 0x0 [0259.557] GdipSetClipRectI (graphics=0x1c578a40, x=0, y=0, width=215, height=20, combineMode=0x0) returned 0x0 [0259.558] GdipCreateMatrix (matrix=0x15e440) returned 0x0 [0259.558] GdipGetWorldTransform (graphics=0x1c578a40, matrix=0x1c572470) returned 0x0 [0259.558] GdipIsMatrixIdentity (matrix=0x1c572470, result=0x15e4a8) returned 0x0 [0259.558] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df754a0 [0259.558] GdipGetMatrixElements (matrix=0x1c572470, matrixOut=0x1df754a0) returned 0x0 [0259.559] LocalFree (hMem=0x1df754a0) returned 0x0 [0259.560] GdipDeleteMatrix (matrix=0x1c572470) returned 0x0 [0259.560] GdipCreateRegion (region=0x15e440) returned 0x0 [0259.560] GdipGetClip (graphics=0x1c578a40, region=0x1c578e20) returned 0x0 [0259.560] GdipIsInfiniteRegion (region=0x1c578e20, graphics=0x1c578a40, result=0x15e4a0) returned 0x0 [0259.560] GdipSaveGraphics (graphics=0x1c578a40, state=0x15e540) returned 0x0 [0259.561] GetWindowTextLengthW (hWnd=0xc0052) returned 28 [0259.561] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0xc0052, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1c [0259.561] GetSystemMetrics (nIndex=42) returned 0 [0259.561] GetWindowTextW (in: hWnd=0xc0052, lpString=0x15e300, nMaxCount=29 | out: lpString="All your files belong to us!") returned 28 [0259.561] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0xc0052, Msg=0xd, wParam=0x1d, lParam=0x15e300) returned 0x1c [0259.562] GetClientRect (in: hWnd=0xc0052, lpRect=0x15e4d8 | out: lpRect=0x15e4d8) returned 1 [0259.562] GdipCreateRegion (region=0x15e0c0) returned 0x0 [0259.562] GdipGetClip (graphics=0x1c578a40, region=0x1c579200) returned 0x0 [0259.563] GdipCreateMatrix (matrix=0x15e0c0) returned 0x0 [0259.563] GdipGetWorldTransform (graphics=0x1c578a40, matrix=0x1c5792c0) returned 0x0 [0259.563] GdipIsMatrixIdentity (matrix=0x1c5792c0, result=0x15e128) returned 0x0 [0259.563] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df74ce0 [0259.563] GdipGetMatrixElements (matrix=0x1c5792c0, matrixOut=0x1df74ce0) returned 0x0 [0259.564] LocalFree (hMem=0x1df74ce0) returned 0x0 [0259.564] GdipCombineRegionRegion (region=0x1c579200, region2=0x1c578e20, combineMode=0x1) returned 0x0 [0259.565] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df756e0 [0259.565] GdipGetMatrixElements (matrix=0x1c5792c0, matrixOut=0x1df756e0) returned 0x0 [0259.565] LocalFree (hMem=0x1df756e0) returned 0x0 [0259.566] GdipDeleteMatrix (matrix=0x1c5792c0) returned 0x0 [0259.566] GdipIsInfiniteRegion (region=0x1c579200, graphics=0x1c578a40, result=0x15e180) returned 0x0 [0259.566] GdipIsInfiniteRegion (region=0x1c579200, graphics=0x1c578a40, result=0x15e140) returned 0x0 [0259.567] GdipGetRegionHRgn (region=0x1c579200, graphics=0x1c578a40, hRgn=0x15e140) returned 0x0 [0259.567] GdipDeleteRegion (region=0x1c579200) returned 0x0 [0259.567] GdipGetDC (graphics=0x1c578a40, hdc=0x15e188) returned 0x0 [0259.568] GetCurrentObject (hdc=0x42010930, type=0x1) returned 0xb00017 [0259.568] GetCurrentObject (hdc=0x42010930, type=0x2) returned 0x900010 [0259.568] GetCurrentObject (hdc=0x42010930, type=0x7) returned 0xffffffffaf0505b7 [0259.568] GetCurrentObject (hdc=0x42010930, type=0x6) returned 0x58a00b4 [0259.569] SaveDC (hdc=0x42010930) returned 1 [0259.570] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x8804091d [0259.570] GetClipRgn (hdc=0x42010930, hrgn=0x8804091d) returned 0 [0259.570] SelectClipRgn (hdc=0x42010930, hrgn=0x590408db) returned 2 [0259.570] DeleteObject (ho=0x8804091d) returned 1 [0259.570] DeleteObject (ho=0x590408db) returned 1 [0259.571] OffsetViewportOrgEx (in: hdc=0x42010930, x=0, y=0, lppt=0x22c2c80 | out: lppt=0x22c2c80) returned 1 [0259.571] GetNearestColor (hdc=0x42010930, color=0x80) returned 0x80 [0259.571] CreateSolidBrush (color=0x80) returned 0x751008a6 [0259.571] FillRect (hDC=0x42010930, lprc=0x15e1c0, hbr=0x751008a6) returned 1 [0259.572] DeleteObject (ho=0x751008a6) returned 1 [0259.572] RestoreDC (hdc=0x42010930, nSavedDC=-1) returned 1 [0259.572] GdipReleaseDC (graphics=0x1c578a40, hdc=0x42010930) returned 0x0 [0259.572] GdipRestoreGraphics (graphics=0x1c578a40, state=0xfffffffffdaa0dbd) returned 0x0 [0259.572] GdipDeleteRegion (region=0x1c578e20) returned 0x0 [0259.572] GetWindowTextLengthW (hWnd=0xc0052) returned 28 [0259.572] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0xc0052, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1c [0259.572] GetSystemMetrics (nIndex=42) returned 0 [0259.573] GetWindowTextW (in: hWnd=0xc0052, lpString=0x15e300, nMaxCount=29 | out: lpString="All your files belong to us!") returned 28 [0259.573] CallWindowProcW (lpPrevWndFunc=0x7ffa90a11cb0, hWnd=0xc0052, Msg=0xd, wParam=0x1d, lParam=0x15e300) returned 0x1c [0259.573] GdipGetDC (graphics=0x1c578a40, hdc=0x15e328) returned 0x0 [0259.574] GetCurrentObject (hdc=0x42010930, type=0x1) returned 0xb00017 [0259.574] GetCurrentObject (hdc=0x42010930, type=0x2) returned 0x900010 [0259.574] GetCurrentObject (hdc=0x42010930, type=0x7) returned 0xffffffffaf0505b7 [0259.574] GetCurrentObject (hdc=0x42010930, type=0x6) returned 0x58a00b4 [0259.575] SaveDC (hdc=0x42010930) returned 1 [0259.575] GetNearestColor (hdc=0x42010930, color=0xf0f0f0) returned 0xf0f0f0 [0259.576] RestoreDC (hdc=0x42010930, nSavedDC=-1) returned 1 [0259.576] GdipReleaseDC (graphics=0x1c578a40, hdc=0x42010930) returned 0x0 [0259.576] AdjustWindowRectEx (in: lpRect=0x15e1e0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x15e1e0) returned 1 [0259.576] GdipGetTextRenderingHint (graphics=0x1c578a40, mode=0x15e238) returned 0x0 [0259.576] GdipGetDC (graphics=0x1c578a40, hdc=0x15e228) returned 0x0 [0259.577] GetCurrentObject (hdc=0x42010930, type=0x1) returned 0xb00017 [0259.577] GetCurrentObject (hdc=0x42010930, type=0x2) returned 0x900010 [0259.577] GetCurrentObject (hdc=0x42010930, type=0x7) returned 0xffffffffaf0505b7 [0259.577] GetCurrentObject (hdc=0x42010930, type=0x6) returned 0x58a00b4 [0259.578] SaveDC (hdc=0x42010930) returned 1 [0259.578] GetTextAlign (hdc=0x42010930) returned 0x0 [0259.579] GetTextColor (hdc=0x42010930) returned 0x0 [0259.579] SetTextColor (hdc=0x42010930, color=0xf0f0f0) returned 0x0 [0259.579] GetCurrentObject (hdc=0x42010930, type=0x6) returned 0x58a00b4 [0259.579] GetObjectW (in: h=0x58a00b4, c=92, pv=0x15dd20 | out: pv=0x15dd20) returned 92 [0259.580] SelectObject (hdc=0x42010930, h=0x250a0705) returned 0x58a00b4 [0259.580] GetBkMode (hdc=0x42010930) returned 2 [0259.580] SetBkMode (hdc=0x42010930, mode=1) returned 2 [0259.580] DrawTextExW (in: hdc=0x42010930, lpchText="All your files belong to us!", cchText=28, lprc=0x15df78, format=0x100405, lpdtp=0x22c33f0 | out: lpchText="All your files belong to us!", lprc=0x15df78) returned 20 [0259.580] DrawTextExW (in: hdc=0x42010930, lpchText="All your files belong to us!", cchText=28, lprc=0x15e1a8, format=0x100005, lpdtp=0x22c33f0 | out: lpchText="All your files belong to us!", lprc=0x15e1a8) returned 20 [0259.603] RestoreDC (hdc=0x42010930, nSavedDC=-1) returned 1 [0259.603] GdipReleaseDC (graphics=0x1c578a40, hdc=0x42010930) returned 0x0 [0259.603] GdipGetDC (graphics=0x1c578a40, hdc=0x15e458) returned 0x0 [0259.604] BitBlt (hdc=0x20105b1, x=0, y=0, cx=215, cy=20, hdcSrc=0x42010930, x1=0, y1=0, rop=0xcc0020) returned 1 [0259.604] GdipReleaseDC (graphics=0x1c578a40, hdc=0x42010930) returned 0x0 [0259.604] SelectPalette (hdc=0x20105b1, hPal=0x88000b, bForceBkgd=0) returned 0x5308094c [0259.604] SelectObject (hdc=0x42010930, h=0x85000f) returned 0xffffffffaf0505b7 [0259.604] DeleteDC (hdc=0x42010930) returned 1 [0259.604] GdipDeleteGraphics (graphics=0x1c578a40) returned 0x0 [0259.604] EndPaint (hWnd=0xc0052, lpPaint=0x15e438) returned 1 [0259.605] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0259.605] IsWindowUnicode (hWnd=0xa0050) returned 1 [0259.605] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0259.605] TranslateMessage (lpMsg=0x15ee30) returned 0 [0259.605] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0259.606] BeginPaint (in: hWnd=0xa0050, lpPaint=0x15e468 | out: lpPaint=0x15e468) returned 0xffffffffb2010715 [0259.606] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0259.606] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x14, wParam=0xffffffffb2010715, lParam=0x0) returned 0x1 [0259.606] GetStockObject (i=5) returned 0x900015 [0259.607] SelectPalette (hdc=0xffffffffb2010715, hPal=0x5308094c, bForceBkgd=1) returned 0x88000b [0259.607] CreateCompatibleDC (hdc=0xffffffffb2010715) returned 0x45010930 [0259.607] SelectObject (hdc=0x45010930, h=0xffffffffaf0505b7) returned 0x85000f [0259.607] GdipCreateFromHDC (hdc=0x45010930, graphics=0x15e3d8) returned 0x0 [0259.608] GdipTranslateWorldTransform (graphics=0x1c578a40, dx=0x7ffa837b8354, dy=0x2adc743b6b29, order=0x0) returned 0x0 [0259.608] GdipSetClipRectI (graphics=0x1c578a40, x=0, y=0, width=208, height=47, combineMode=0x0) returned 0x0 [0259.609] GdipCreateMatrix (matrix=0x15e410) returned 0x0 [0259.609] GdipGetWorldTransform (graphics=0x1c578a40, matrix=0x1c572470) returned 0x0 [0259.609] GdipIsMatrixIdentity (matrix=0x1c572470, result=0x15e478) returned 0x0 [0259.609] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df75960 [0259.609] GdipGetMatrixElements (matrix=0x1c572470, matrixOut=0x1df75960) returned 0x0 [0259.610] LocalFree (hMem=0x1df75960) returned 0x0 [0259.610] GdipDeleteMatrix (matrix=0x1c572470) returned 0x0 [0259.610] GdipCreateRegion (region=0x15e410) returned 0x0 [0259.610] GdipGetClip (graphics=0x1c578a40, region=0x1c578e20) returned 0x0 [0259.611] GdipIsInfiniteRegion (region=0x1c578e20, graphics=0x1c578a40, result=0x15e470) returned 0x0 [0259.611] GdipSaveGraphics (graphics=0x1c578a40, state=0x15e510) returned 0x0 [0259.611] GdipRestoreGraphics (graphics=0x1c578a40, state=0xfffffffffda80dbd) returned 0x0 [0259.611] GdipDeleteRegion (region=0x1c578e20) returned 0x0 [0259.625] SystemParametersInfoW (in: uiAction=0x42, uiParam=0x10, pvParam=0x15e218, fWinIni=0x0 | out: pvParam=0x15e218) returned 1 [0259.633] GdipGetDC (graphics=0x1c578a40, hdc=0x15e118) returned 0x0 [0259.633] GetCurrentObject (hdc=0x45010930, type=0x1) returned 0xb00017 [0259.633] GetCurrentObject (hdc=0x45010930, type=0x2) returned 0x900010 [0259.633] GetCurrentObject (hdc=0x45010930, type=0x7) returned 0xffffffffaf0505b7 [0259.633] GetCurrentObject (hdc=0x45010930, type=0x6) returned 0x58a00b4 [0259.634] SaveDC (hdc=0x45010930) returned 1 [0259.635] GetNearestColor (hdc=0x45010930, color=0xdbcdbf) returned 0xdbcdbf [0259.635] GetNearestColor (hdc=0x45010930, color=0x574431) returned 0x574431 [0259.635] GetNearestColor (hdc=0x45010930, color=0x0) returned 0x0 [0259.635] GetNearestColor (hdc=0x45010930, color=0x574431) returned 0x574431 [0259.635] GetNearestColor (hdc=0x45010930, color=0x0) returned 0x0 [0259.635] GetNearestColor (hdc=0x45010930, color=0xede7e0) returned 0xede7e0 [0259.635] GetNearestColor (hdc=0x45010930, color=0xd5cfc9) returned 0xd5cfc9 [0259.635] GetNearestColor (hdc=0x45010930, color=0xc5b8ab) returned 0xc5b8ab [0259.636] GetNearestColor (hdc=0x45010930, color=0x0) returned 0x0 [0259.636] GetNearestColor (hdc=0x45010930, color=0x574431) returned 0x574431 [0259.636] RestoreDC (hdc=0x45010930, nSavedDC=-1) returned 1 [0259.636] GdipReleaseDC (graphics=0x1c578a40, hdc=0x45010930) returned 0x0 [0259.636] IsAppThemed () returned 0x1 [0259.637] GetThemeAppProperties () returned 0x3 [0259.670] IsAppThemed () returned 0x1 [0259.670] GetThemeAppProperties () returned 0x3 [0259.671] GdipGetFamilyName (in: family=0x1ac6a560, name=0x15dbe0, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0 [0259.672] GetDeviceCaps (hdc=0xffffffff960106e3, index=90) returned 96 [0259.672] CoTaskMemAlloc (cb=0x5c) returned 0x1df4d3b0 [0259.672] CreateFontIndirectW (lplf=0x1df4d3b0) returned 0xffffffff8b0a094b [0259.673] CoTaskMemFree (pv=0x1df4d3b0) [0259.673] GetObjectW (in: h=0xffffffff8b0a094b, c=92, pv=0x15dbb0 | out: pv=0x15dbb0) returned 92 [0259.674] SelectObject (hdc=0xffffffff960106e3, h=0xffffffff8b0a094b) returned 0x3b0a05b0 [0259.674] GetMapMode (hdc=0xffffffff960106e3) returned 1 [0259.674] GetTextMetricsW (in: hdc=0xffffffff960106e3, lptm=0x15dc10 | out: lptm=0x15dc10) returned 1 [0259.675] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="Decrypt Files", cchText=13, lprc=0x15de28, format=0x102415, lpdtp=0x22c3f40 | out: lpchText="Decrypt Files", lprc=0x15de28) returned 20 [0259.746] IsAppThemed () returned 0x1 [0259.746] GetThemeAppProperties () returned 0x3 [0259.746] IsAppThemed () returned 0x1 [0259.746] GetThemeAppProperties () returned 0x3 [0259.753] IsAppThemed () returned 0x1 [0259.753] GetThemeAppProperties () returned 0x3 [0259.753] IsAppThemed () returned 0x1 [0259.753] GetThemeAppProperties () returned 0x3 [0259.755] IsThemePartDefined () returned 0x1 [0259.757] IsAppThemed () returned 0x1 [0259.757] GetThemeAppProperties () returned 0x3 [0259.758] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0259.760] IsAppThemed () returned 0x1 [0259.760] GetThemeAppProperties () returned 0x3 [0259.761] IsAppThemed () returned 0x1 [0259.761] GetThemeAppProperties () returned 0x3 [0259.761] IsThemePartDefined () returned 0x1 [0259.762] GdipCreateRegion (region=0x15de50) returned 0x0 [0259.762] GdipGetClip (graphics=0x1c578a40, region=0x1c578e20) returned 0x0 [0259.762] GdipCreateMatrix (matrix=0x15de50) returned 0x0 [0259.762] GdipGetWorldTransform (graphics=0x1c578a40, matrix=0x1c578ee0) returned 0x0 [0259.762] GdipIsMatrixIdentity (matrix=0x1c578ee0, result=0x15deb8) returned 0x0 [0259.762] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df74ce0 [0259.763] GdipGetMatrixElements (matrix=0x1c578ee0, matrixOut=0x1df74ce0) returned 0x0 [0259.763] LocalFree (hMem=0x1df74ce0) returned 0x0 [0259.763] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df751a0 [0259.763] GdipGetMatrixElements (matrix=0x1c578ee0, matrixOut=0x1df751a0) returned 0x0 [0259.764] LocalFree (hMem=0x1df751a0) returned 0x0 [0259.764] GdipDeleteMatrix (matrix=0x1c578ee0) returned 0x0 [0259.764] GdipIsInfiniteRegion (region=0x1c578e20, graphics=0x1c578a40, result=0x15df10) returned 0x0 [0259.764] GdipIsInfiniteRegion (region=0x1c578e20, graphics=0x1c578a40, result=0x15ded0) returned 0x0 [0259.764] GdipGetRegionHRgn (region=0x1c578e20, graphics=0x1c578a40, hRgn=0x15ded0) returned 0x0 [0259.765] GdipDeleteRegion (region=0x1c578e20) returned 0x0 [0259.765] GdipGetDC (graphics=0x1c578a40, hdc=0x15df18) returned 0x0 [0259.765] GetCurrentObject (hdc=0x45010930, type=0x1) returned 0xb00017 [0259.765] GetCurrentObject (hdc=0x45010930, type=0x2) returned 0x900010 [0259.765] GetCurrentObject (hdc=0x45010930, type=0x7) returned 0xffffffffaf0505b7 [0259.765] GetCurrentObject (hdc=0x45010930, type=0x6) returned 0x58a00b4 [0259.766] SaveDC (hdc=0x45010930) returned 1 [0259.767] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x5a0408db [0259.767] GetClipRgn (hdc=0x45010930, hrgn=0x5a0408db) returned 0 [0259.767] SelectClipRgn (hdc=0x45010930, hrgn=0x8c04091d) returned 2 [0259.767] DeleteObject (ho=0x5a0408db) returned 1 [0259.768] DeleteObject (ho=0x8c04091d) returned 1 [0259.768] OffsetViewportOrgEx (in: hdc=0x45010930, x=0, y=0, lppt=0x22c46b0 | out: lppt=0x22c46b0) returned 1 [0259.768] DrawThemeParentBackground () returned 0x0 [0259.769] GetWindowPlacement (in: hWnd=0x40376, lpwndpl=0x15d9b8 | out: lpwndpl=0x15d9b8) returned 1 [0259.771] GetClientRect (in: hWnd=0x40376, lpRect=0x15d900 | out: lpRect=0x15d900) returned 1 [0259.772] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0259.772] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0259.772] GetSystemMetrics (nIndex=42) returned 0 [0259.772] GetWindowTextW (in: hWnd=0x40376, lpString=0x15d650, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0259.772] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15d650) returned 0xb [0259.773] GetClientRect (in: hWnd=0x40376, lpRect=0x15d6c8 | out: lpRect=0x15d6c8) returned 1 [0259.773] GetCurrentObject (hdc=0x45010930, type=0x1) returned 0xb00017 [0259.773] GetCurrentObject (hdc=0x45010930, type=0x2) returned 0x900010 [0259.773] GetCurrentObject (hdc=0x45010930, type=0x7) returned 0xffffffffaf0505b7 [0259.774] GetCurrentObject (hdc=0x45010930, type=0x6) returned 0x58a00b4 [0259.774] SaveDC (hdc=0x45010930) returned 2 [0259.775] GetNearestColor (hdc=0x45010930, color=0x80) returned 0x80 [0259.775] CreateSolidBrush (color=0x80) returned 0x761008a6 [0259.775] FillRect (hDC=0x45010930, lprc=0x15d3b0, hbr=0x761008a6) returned 1 [0259.777] DeleteObject (ho=0x761008a6) returned 1 [0259.777] RestoreDC (hdc=0x45010930, nSavedDC=-1) returned 1 [0259.777] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0259.777] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0259.778] GetSystemMetrics (nIndex=42) returned 0 [0259.778] GetWindowTextW (in: hWnd=0x40376, lpString=0x15d5c0, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0259.778] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15d5c0) returned 0xb [0259.778] GetClientRect (in: hWnd=0x40376, lpRect=0x15d638 | out: lpRect=0x15d638) returned 1 [0259.779] GetCurrentObject (hdc=0x45010930, type=0x1) returned 0xb00017 [0259.779] GetCurrentObject (hdc=0x45010930, type=0x2) returned 0x900010 [0259.780] GetCurrentObject (hdc=0x45010930, type=0x7) returned 0xffffffffaf0505b7 [0259.780] GetCurrentObject (hdc=0x45010930, type=0x6) returned 0x58a00b4 [0259.781] SaveDC (hdc=0x45010930) returned 2 [0259.781] GetNearestColor (hdc=0x45010930, color=0x80) returned 0x80 [0259.782] CreateSolidBrush (color=0x80) returned 0x771008a6 [0259.782] FillRect (hDC=0x45010930, lprc=0x15d320, hbr=0x771008a6) returned 1 [0259.782] DeleteObject (ho=0x771008a6) returned 1 [0259.782] RestoreDC (hdc=0x45010930, nSavedDC=-1) returned 1 [0259.782] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0259.782] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0259.783] GetSystemMetrics (nIndex=42) returned 0 [0259.783] GetWindowTextW (in: hWnd=0x40376, lpString=0x15d5c0, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0259.783] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15d5c0) returned 0xb [0259.784] RestoreDC (hdc=0x45010930, nSavedDC=-1) returned 1 [0259.784] GdipReleaseDC (graphics=0x1c578a40, hdc=0x45010930) returned 0x0 [0259.784] IsAppThemed () returned 0x1 [0259.784] GetThemeAppProperties () returned 0x3 [0259.784] IsAppThemed () returned 0x1 [0259.784] GetThemeAppProperties () returned 0x3 [0259.784] IsThemePartDefined () returned 0x1 [0259.786] GdipCreateRegion (region=0x15dde0) returned 0x0 [0259.786] GdipGetClip (graphics=0x1c578a40, region=0x1c578e20) returned 0x0 [0259.787] GdipCreateMatrix (matrix=0x15dde0) returned 0x0 [0259.787] GdipGetWorldTransform (graphics=0x1c578a40, matrix=0x1c572470) returned 0x0 [0259.787] GdipIsMatrixIdentity (matrix=0x1c572470, result=0x15de48) returned 0x0 [0259.787] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df74d20 [0259.787] GdipGetMatrixElements (matrix=0x1c572470, matrixOut=0x1df74d20) returned 0x0 [0259.788] LocalFree (hMem=0x1df74d20) returned 0x0 [0259.788] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df759a0 [0259.788] GdipGetMatrixElements (matrix=0x1c572470, matrixOut=0x1df759a0) returned 0x0 [0259.789] LocalFree (hMem=0x1df759a0) returned 0x0 [0259.789] GdipDeleteMatrix (matrix=0x1c572470) returned 0x0 [0259.789] GdipIsInfiniteRegion (region=0x1c578e20, graphics=0x1c578a40, result=0x15dea0) returned 0x0 [0259.789] GdipIsInfiniteRegion (region=0x1c578e20, graphics=0x1c578a40, result=0x15de60) returned 0x0 [0259.789] GdipGetRegionHRgn (region=0x1c578e20, graphics=0x1c578a40, hRgn=0x15de60) returned 0x0 [0259.790] GdipDeleteRegion (region=0x1c578e20) returned 0x0 [0259.790] GdipGetDC (graphics=0x1c578a40, hdc=0x15dea8) returned 0x0 [0259.790] GetCurrentObject (hdc=0x45010930, type=0x1) returned 0xb00017 [0259.791] GetCurrentObject (hdc=0x45010930, type=0x2) returned 0x900010 [0259.791] GetCurrentObject (hdc=0x45010930, type=0x7) returned 0xffffffffaf0505b7 [0259.791] GetCurrentObject (hdc=0x45010930, type=0x6) returned 0x58a00b4 [0259.792] SaveDC (hdc=0x45010930) returned 1 [0259.793] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x8d04091d [0259.793] GetClipRgn (hdc=0x45010930, hrgn=0x8d04091d) returned 0 [0259.793] SelectClipRgn (hdc=0x45010930, hrgn=0x5c0408db) returned 2 [0259.793] DeleteObject (ho=0x8d04091d) returned 1 [0259.793] DeleteObject (ho=0x5c0408db) returned 1 [0259.793] OffsetViewportOrgEx (in: hdc=0x45010930, x=0, y=0, lppt=0x22c53b0 | out: lppt=0x22c53b0) returned 1 [0259.794] IsAppThemed () returned 0x1 [0259.794] GetThemeAppProperties () returned 0x3 [0259.795] DrawThemeBackground () returned 0x0 [0259.795] RestoreDC (hdc=0x45010930, nSavedDC=-1) returned 1 [0259.795] GdipReleaseDC (graphics=0x1c578a40, hdc=0x45010930) returned 0x0 [0259.796] GdipCreateRegion (region=0x15dde0) returned 0x0 [0259.796] GdipGetClip (graphics=0x1c578a40, region=0x1c578e20) returned 0x0 [0259.797] GdipCreateMatrix (matrix=0x15dde0) returned 0x0 [0259.797] GdipGetWorldTransform (graphics=0x1c578a40, matrix=0x1c578ee0) returned 0x0 [0259.797] GdipIsMatrixIdentity (matrix=0x1c578ee0, result=0x15de48) returned 0x0 [0259.797] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df74f60 [0259.797] GdipGetMatrixElements (matrix=0x1c578ee0, matrixOut=0x1df74f60) returned 0x0 [0259.798] LocalFree (hMem=0x1df74f60) returned 0x0 [0259.798] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df75620 [0259.798] GdipGetMatrixElements (matrix=0x1c578ee0, matrixOut=0x1df75620) returned 0x0 [0259.799] LocalFree (hMem=0x1df75620) returned 0x0 [0259.799] GdipDeleteMatrix (matrix=0x1c578ee0) returned 0x0 [0259.799] GdipIsInfiniteRegion (region=0x1c578e20, graphics=0x1c578a40, result=0x15dea0) returned 0x0 [0259.799] GdipIsInfiniteRegion (region=0x1c578e20, graphics=0x1c578a40, result=0x15de60) returned 0x0 [0259.799] GdipGetRegionHRgn (region=0x1c578e20, graphics=0x1c578a40, hRgn=0x15de60) returned 0x0 [0259.800] GdipDeleteRegion (region=0x1c578e20) returned 0x0 [0259.800] GdipGetDC (graphics=0x1c578a40, hdc=0x15dea8) returned 0x0 [0259.808] GetCurrentObject (hdc=0x45010930, type=0x1) returned 0xb00017 [0259.808] GetCurrentObject (hdc=0x45010930, type=0x2) returned 0x900010 [0259.808] GetCurrentObject (hdc=0x45010930, type=0x7) returned 0xffffffffaf0505b7 [0259.809] GetCurrentObject (hdc=0x45010930, type=0x6) returned 0x58a00b4 [0259.810] SaveDC (hdc=0x45010930) returned 1 [0259.810] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x5d0408db [0259.811] GetClipRgn (hdc=0x45010930, hrgn=0x5d0408db) returned 0 [0259.811] SelectClipRgn (hdc=0x45010930, hrgn=0x8e04091d) returned 2 [0259.811] DeleteObject (ho=0x5d0408db) returned 1 [0259.811] DeleteObject (ho=0x8e04091d) returned 1 [0259.811] OffsetViewportOrgEx (in: hdc=0x45010930, x=0, y=0, lppt=0x22c5860 | out: lppt=0x22c5860) returned 1 [0259.811] IsAppThemed () returned 0x1 [0259.811] GetThemeAppProperties () returned 0x3 [0259.812] GetThemeBackgroundContentRect () returned 0x0 [0259.812] RestoreDC (hdc=0x45010930, nSavedDC=-1) returned 1 [0259.812] GdipReleaseDC (graphics=0x1c578a40, hdc=0x45010930) returned 0x0 [0259.825] GdipGetNearestColor (graphics=0x1c578a40, argb=0x15e0e8) returned 0x0 [0259.829] GdipCreateSolidFill (color=0xffffffffffbfcddb, brush=0x15e0d0) returned 0x0 [0259.837] GdipFillRectangleI (graphics=0x1c578a40, brush=0x1c578f20, x=4, y=4, width=200, height=39) returned 0x0 [0259.839] GdipDeleteBrush (brush=0x1c578f20) returned 0x0 [0259.839] IsAppThemed () returned 0x1 [0259.839] GetThemeAppProperties () returned 0x3 [0259.839] GdipGetTextRenderingHint (graphics=0x1c578a40, mode=0x15e0d8) returned 0x0 [0259.839] GdipGetDC (graphics=0x1c578a40, hdc=0x15e0c8) returned 0x0 [0259.840] GetCurrentObject (hdc=0x45010930, type=0x1) returned 0xb00017 [0259.840] GetCurrentObject (hdc=0x45010930, type=0x2) returned 0x900010 [0259.840] GetCurrentObject (hdc=0x45010930, type=0x7) returned 0xffffffffaf0505b7 [0259.840] GetCurrentObject (hdc=0x45010930, type=0x6) returned 0x58a00b4 [0259.841] SaveDC (hdc=0x45010930) returned 1 [0259.842] GetTextAlign (hdc=0x45010930) returned 0x0 [0259.842] GetTextColor (hdc=0x45010930) returned 0x0 [0259.842] GetCurrentObject (hdc=0x45010930, type=0x6) returned 0x58a00b4 [0259.842] GetObjectW (in: h=0x58a00b4, c=92, pv=0x15dbc0 | out: pv=0x15dbc0) returned 92 [0259.843] SelectObject (hdc=0x45010930, h=0xffffffff8b0a094b) returned 0x58a00b4 [0259.843] GetBkMode (hdc=0x45010930) returned 2 [0259.843] SetBkMode (hdc=0x45010930, mode=1) returned 2 [0259.843] DrawTextExW (in: hdc=0x45010930, lpchText="Decrypt Files", cchText=13, lprc=0x15de18, format=0x102415, lpdtp=0x22c5d18 | out: lpchText="Decrypt Files", lprc=0x15de18) returned 20 [0259.844] DrawTextExW (in: hdc=0x45010930, lpchText="Decrypt Files", cchText=13, lprc=0x15e048, format=0x102015, lpdtp=0x22c5d18 | out: lpchText="Decrypt Files", lprc=0x15e048) returned 20 [0259.849] RestoreDC (hdc=0x45010930, nSavedDC=-1) returned 1 [0259.849] GdipReleaseDC (graphics=0x1c578a40, hdc=0x45010930) returned 0x0 [0259.850] GetFocus () returned 0x80386 [0259.850] IsAppThemed () returned 0x1 [0259.850] GetThemeAppProperties () returned 0x3 [0259.850] GdipGetDC (graphics=0x1c578a40, hdc=0x15e428) returned 0x0 [0259.850] BitBlt (hdc=0xffffffffb2010715, x=0, y=0, cx=208, cy=47, hdcSrc=0x45010930, x1=0, y1=0, rop=0xcc0020) returned 1 [0259.851] GdipReleaseDC (graphics=0x1c578a40, hdc=0x45010930) returned 0x0 [0259.851] SelectPalette (hdc=0xffffffffb2010715, hPal=0x88000b, bForceBkgd=0) returned 0x5308094c [0259.851] SelectObject (hdc=0x45010930, h=0x85000f) returned 0xffffffffaf0505b7 [0259.851] DeleteDC (hdc=0x45010930) returned 1 [0259.851] GdipDeleteGraphics (graphics=0x1c578a40) returned 0x0 [0259.851] EndPaint (hWnd=0xa0050, lpPaint=0x15e408) returned 1 [0259.852] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0259.852] IsWindowUnicode (hWnd=0x80386) returned 1 [0259.852] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0259.852] TranslateMessage (lpMsg=0x15ee30) returned 0 [0259.852] DispatchMessageW (lpMsg=0x15ee30) returned 0x1 [0259.852] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0259.853] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x1 [0259.853] SetTextColor (hdc=0x20105b1, color=0x0) returned 0x0 [0259.853] SetBkColor (hdc=0x20105b1, color=0xffffff) returned 0xffffff [0259.854] GetWindowPlacement (in: hWnd=0x40376, lpwndpl=0x15d248 | out: lpwndpl=0x15d248) returned 1 [0259.854] GetClientRect (in: hWnd=0x40376, lpRect=0x15d190 | out: lpRect=0x15d190) returned 1 [0259.854] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0259.854] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0259.854] GetSystemMetrics (nIndex=42) returned 0 [0259.854] GetWindowTextW (in: hWnd=0x40376, lpString=0x15cee0, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0259.854] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15cee0) returned 0xb [0259.855] GetClientRect (in: hWnd=0x40376, lpRect=0x15cf58 | out: lpRect=0x15cf58) returned 1 [0259.855] GetCurrentObject (hdc=0x4b010962, type=0x1) returned 0xb00017 [0259.855] GetCurrentObject (hdc=0x4b010962, type=0x2) returned 0x900010 [0259.855] GetCurrentObject (hdc=0x4b010962, type=0x7) returned 0x2905093b [0259.856] GetCurrentObject (hdc=0x4b010962, type=0x6) returned 0x58a00b4 [0259.857] SaveDC (hdc=0x4b010962) returned 1 [0259.857] GetNearestColor (hdc=0x4b010962, color=0x80) returned 0x80 [0259.858] CreateSolidBrush (color=0x80) returned 0x781008a6 [0259.858] FillRect (hDC=0x4b010962, lprc=0x15cc40, hbr=0x781008a6) returned 1 [0259.858] DeleteObject (ho=0x781008a6) returned 1 [0259.858] RestoreDC (hdc=0x4b010962, nSavedDC=-1) returned 1 [0259.859] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0259.859] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0259.859] GetSystemMetrics (nIndex=42) returned 0 [0259.859] GetWindowTextW (in: hWnd=0x40376, lpString=0x15ce50, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0259.859] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15ce50) returned 0xb [0259.859] GetClientRect (in: hWnd=0x40376, lpRect=0x15cec8 | out: lpRect=0x15cec8) returned 1 [0259.860] GetCurrentObject (hdc=0x4b010962, type=0x1) returned 0xb00017 [0259.860] GetCurrentObject (hdc=0x4b010962, type=0x2) returned 0x900010 [0259.860] GetCurrentObject (hdc=0x4b010962, type=0x7) returned 0x2905093b [0259.860] GetCurrentObject (hdc=0x4b010962, type=0x6) returned 0x58a00b4 [0259.861] SaveDC (hdc=0x4b010962) returned 1 [0259.862] GetNearestColor (hdc=0x4b010962, color=0x80) returned 0x80 [0259.862] CreateSolidBrush (color=0x80) returned 0x791008a6 [0259.862] FillRect (hDC=0x4b010962, lprc=0x15cbb0, hbr=0x791008a6) returned 1 [0259.862] DeleteObject (ho=0x791008a6) returned 1 [0259.863] RestoreDC (hdc=0x4b010962, nSavedDC=-1) returned 1 [0259.866] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0259.866] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0259.866] GetSystemMetrics (nIndex=42) returned 0 [0259.866] GetWindowTextW (in: hWnd=0x40376, lpString=0x15ce50, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0259.866] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15ce50) returned 0xb [0259.868] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x14, wParam=0xffffffffb2010715, lParam=0x0) returned 0x1 [0259.868] SetTextColor (hdc=0x4c010962, color=0x0) returned 0x0 [0259.868] SetBkColor (hdc=0x4c010962, color=0xffffff) returned 0xffffff [0259.870] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0259.870] IsWindowUnicode (hWnd=0x3020e) returned 1 [0259.870] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0259.870] TranslateMessage (lpMsg=0x15ee30) returned 0 [0259.870] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0259.870] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0259.871] IsWindowUnicode (hWnd=0xa0050) returned 1 [0259.871] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0259.871] TranslateMessage (lpMsg=0x15ee30) returned 0 [0259.871] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0259.871] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0259.871] IsWindowUnicode (hWnd=0xa0050) returned 1 [0259.871] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0259.872] TranslateMessage (lpMsg=0x15ee30) returned 0 [0259.872] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0259.872] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x2a1, wParam=0x0, lParam=0x130079) returned 0x0 [0259.872] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0259.873] GetMessageA (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0259.873] TranslateMessage (lpMsg=0x15ee30) returned 0 [0259.873] DispatchMessageA (lpMsg=0x15ee30) returned 0x7f4e [0259.874] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0259.875] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0259.875] WaitMessage () returned 1 [0260.948] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0260.948] GetMessageA (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0260.949] TranslateMessage (lpMsg=0x15ee30) returned 0 [0260.949] DispatchMessageA (lpMsg=0x15ee30) returned 0x1 [0260.949] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0260.949] IsWindowUnicode (hWnd=0x80386) returned 1 [0260.949] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0260.949] TranslateMessage (lpMsg=0x15ee30) returned 0 [0260.949] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0260.950] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0260.950] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0260.950] WaitMessage () returned 1 [0261.049] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0261.060] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x43c, wParam=0x0, lParam=0x15e7c0) returned 0x0 [0261.060] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0261.060] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0xb0, wParam=0x15e710, lParam=0x15e718) returned 0x0 [0261.061] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0xb2, wParam=0x0, lParam=0x15e660) returned 0x1 [0261.061] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0xd7, wParam=0x0, lParam=0x10001) returned 0x0 [0261.062] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x31, wParam=0x0, lParam=0x0) returned 0xffffffff8b0a06ee [0261.063] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0xc9, wParam=0x0, lParam=0x0) returned 0x0 [0261.063] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0xd6, wParam=0x0, lParam=0x0) returned 0xffffffffffffffff [0261.063] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0xb2, wParam=0x0, lParam=0x15e6d0) returned 0x1 [0261.066] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x86, wParam=0x1, lParam=0x0) returned 0x1 [0261.074] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0261.074] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0261.075] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0261.076] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x46, wParam=0x0, lParam=0x15ebf0) returned 0x0 [0261.077] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x30384, Msg=0x46, wParam=0x0, lParam=0x15ebf0) returned 0x0 [0261.079] GetWindowPlacement (in: hWnd=0x40376, lpwndpl=0x15e6d8 | out: lpwndpl=0x15e6d8) returned 1 [0261.080] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x47, wParam=0x0, lParam=0x15ebf0) returned 0x0 [0261.080] GetClientRect (in: hWnd=0x40376, lpRect=0x15e5a0 | out: lpRect=0x15e5a0) returned 1 [0261.080] GetWindowRect (in: hWnd=0x40376, lpRect=0x15e5a0 | out: lpRect=0x15e5a0) returned 1 [0261.081] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0261.081] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0261.082] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0261.083] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x30384, Msg=0x47, wParam=0x0, lParam=0x15ebf0) returned 0x0 [0261.084] IsWindowUnicode (hWnd=0x80386) returned 1 [0261.084] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0261.157] GetKeyState (nVirtKey=16) returned 0 [0261.157] GetKeyState (nVirtKey=17) returned 0 [0261.157] GetKeyState (nVirtKey=18) returned -127 [0261.157] TranslateMessage (lpMsg=0x15ee30) returned 1 [0261.157] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0261.158] GetKeyState (nVirtKey=16) returned 0 [0261.159] GetKeyState (nVirtKey=17) returned 0 [0261.159] GetKeyState (nVirtKey=18) returned -127 [0261.159] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x105, wParam=0x1b, lParam=0xe0010001) returned 0x0 [0261.159] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0261.159] IsWindowUnicode (hWnd=0x80386) returned 1 [0261.159] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0261.162] GetKeyState (nVirtKey=16) returned 0 [0261.162] GetKeyState (nVirtKey=17) returned 0 [0261.162] GetKeyState (nVirtKey=18) returned 1 [0261.162] TranslateMessage (lpMsg=0x15ee30) returned 1 [0261.162] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0261.162] GetKeyState (nVirtKey=16) returned 0 [0261.162] GetKeyState (nVirtKey=17) returned 0 [0261.162] GetKeyState (nVirtKey=18) returned 1 [0261.162] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x101, wParam=0x12, lParam=0xc0380001) returned 0x0 [0261.163] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0261.163] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x84, wParam=0x0, lParam=0x24701a2) returned 0x1 [0261.163] IsWindowUnicode (hWnd=0xa0050) returned 1 [0261.163] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0261.163] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x84, wParam=0x0, lParam=0x24701a2) returned 0x1 [0261.164] SetCursor (hCursor=0x10003) returned 0x10003 [0261.164] TranslateMessage (lpMsg=0x15ee30) returned 0 [0261.164] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0261.164] GetKeyState (nVirtKey=1) returned 0 [0261.164] GetKeyState (nVirtKey=2) returned 0 [0261.164] GetKeyState (nVirtKey=4) returned 0 [0261.164] GetKeyState (nVirtKey=5) returned 0 [0261.164] GetKeyState (nVirtKey=6) returned 0 [0261.165] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0261.165] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0261.165] WaitMessage () returned 1 [0261.167] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0261.167] GetMessageA (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0261.167] TranslateMessage (lpMsg=0x15ee30) returned 0 [0261.167] DispatchMessageA (lpMsg=0x15ee30) returned 0x0 [0261.168] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0261.168] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0261.168] WaitMessage () returned 1 [0261.282] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0261.282] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x84, wParam=0x0, lParam=0x24701a2) returned 0x1 [0261.283] IsWindowUnicode (hWnd=0xa0050) returned 1 [0261.283] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0261.283] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x84, wParam=0x0, lParam=0x24701a2) returned 0x1 [0261.283] SetCursor (hCursor=0x10003) returned 0x10003 [0261.283] TranslateMessage (lpMsg=0x15ee30) returned 0 [0261.283] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0261.283] GetKeyState (nVirtKey=1) returned 0 [0261.283] GetKeyState (nVirtKey=2) returned 0 [0261.283] GetKeyState (nVirtKey=4) returned 0 [0261.284] GetKeyState (nVirtKey=5) returned 0 [0261.284] GetKeyState (nVirtKey=6) returned 0 [0261.284] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0261.284] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0261.284] WaitMessage () returned 1 [0261.479] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0261.480] IsWindowUnicode (hWnd=0x80386) returned 1 [0261.480] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0261.480] TranslateMessage (lpMsg=0x15ee30) returned 0 [0261.480] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0261.480] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0261.480] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0261.481] WaitMessage () returned 1 [0262.017] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0262.017] IsWindowUnicode (hWnd=0x80386) returned 1 [0262.017] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0262.017] TranslateMessage (lpMsg=0x15ee30) returned 0 [0262.017] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0262.018] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0262.018] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0262.018] WaitMessage () returned 1 [0262.434] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0262.434] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x84, wParam=0x0, lParam=0x24701a2) returned 0x1 [0262.434] IsWindowUnicode (hWnd=0xa0050) returned 1 [0262.434] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0262.435] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x84, wParam=0x0, lParam=0x24701a2) returned 0x1 [0262.435] SetCursor (hCursor=0x10003) returned 0x10003 [0262.435] TranslateMessage (lpMsg=0x15ee30) returned 0 [0262.435] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0262.435] GetKeyState (nVirtKey=1) returned 0 [0262.435] GetKeyState (nVirtKey=2) returned 0 [0262.435] GetKeyState (nVirtKey=4) returned 0 [0262.435] GetKeyState (nVirtKey=5) returned 0 [0262.435] GetKeyState (nVirtKey=6) returned 0 [0262.435] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0262.436] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0262.436] WaitMessage () returned 1 [0262.542] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0262.542] IsWindowUnicode (hWnd=0x80386) returned 1 [0262.542] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0262.542] TranslateMessage (lpMsg=0x15ee30) returned 0 [0262.543] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0262.543] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0262.543] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0262.543] WaitMessage () returned 1 [0263.046] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0263.051] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x84, wParam=0x0, lParam=0x2450183) returned 0x1 [0263.051] IsWindowUnicode (hWnd=0xa0050) returned 1 [0263.051] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0263.052] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x84, wParam=0x0, lParam=0x2450182) returned 0x1 [0263.052] SetCursor (hCursor=0x10003) returned 0x10003 [0263.053] TranslateMessage (lpMsg=0x15ee30) returned 0 [0263.053] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0263.053] GetKeyState (nVirtKey=1) returned 0 [0263.053] GetKeyState (nVirtKey=2) returned 0 [0263.053] GetKeyState (nVirtKey=4) returned 0 [0263.053] GetKeyState (nVirtKey=5) returned 0 [0263.053] GetKeyState (nVirtKey=6) returned 0 [0263.053] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0263.054] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0263.054] WaitMessage () returned 1 [0263.098] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0263.098] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x84, wParam=0x0, lParam=0x2450182) returned 0x1 [0263.098] IsWindowUnicode (hWnd=0xa0050) returned 1 [0263.098] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0263.099] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x84, wParam=0x0, lParam=0x2450182) returned 0x1 [0263.100] GetDlgItem (hDlg=0x40376, nIDDlgItem=0) returned 0x0 [0263.100] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x210, wParam=0x201, lParam=0x1680092) returned 0x0 [0263.100] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x21, wParam=0x40376, lParam=0x2010001) returned 0x1 [0263.101] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x21, wParam=0x40376, lParam=0x2010001) returned 0x1 [0263.101] SetCursor (hCursor=0x10003) returned 0x10003 [0263.101] TranslateMessage (lpMsg=0x15ee30) returned 0 [0263.101] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0263.101] GetKeyState (nVirtKey=1) returned -127 [0263.102] GetKeyState (nVirtKey=2) returned 0 [0263.102] GetKeyState (nVirtKey=4) returned 0 [0263.102] GetKeyState (nVirtKey=5) returned 0 [0263.102] GetKeyState (nVirtKey=6) returned 0 [0263.103] IsWindowVisible (hWnd=0xa0050) returned 1 [0263.107] IsWindowEnabled (hWnd=0xa0050) returned 1 [0263.107] SetFocus (hWnd=0xa0050) returned 0x80386 [0263.109] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x8, wParam=0xa0050, lParam=0x0) returned 0x1 [0263.112] SendMessageW (hWnd=0x80386, Msg=0x2111, wParam=0x2000386, lParam=0x80386) returned 0x0 [0263.113] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x281, wParam=0x0, lParam=0xc000000f) returned 0x0 [0263.115] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0 [0263.116] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0263.116] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x282, wParam=0xb, lParam=0x0) returned 0x0 [0263.116] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0263.116] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x282, wParam=0xf, lParam=0xe0157) returned 0x0 [0263.179] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0263.224] InvalidateRect (hWnd=0xa0050, lpRect=0x0, bErase=0) returned 1 [0263.224] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x7, wParam=0x80386, lParam=0x0) returned 0x0 [0263.225] GetStockObject (i=5) returned 0x900015 [0263.225] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xd [0263.225] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0xd, wParam=0xe, lParam=0x1df58b30) returned 0xd [0263.225] GetDlgItem (hDlg=0x40376, nIDDlgItem=655440) returned 0xa0050 [0263.225] SendMessageW (hWnd=0xa0050, Msg=0x202b, wParam=0xa0050, lParam=0x15dad0) returned 0x0 [0263.225] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x202b, wParam=0xa0050, lParam=0x15dad0) returned 0x0 [0263.226] InvalidateRect (hWnd=0xa0050, lpRect=0x0, bErase=0) returned 1 [0263.232] GetFocus () returned 0xa0050 [0263.235] GetFocus () returned 0xa0050 [0263.235] GetFocus () returned 0xa0050 [0263.236] GetKeyState (nVirtKey=1) returned -127 [0263.236] GetKeyState (nVirtKey=2) returned 0 [0263.236] GetKeyState (nVirtKey=4) returned 0 [0263.236] GetKeyState (nVirtKey=5) returned 0 [0263.236] GetKeyState (nVirtKey=6) returned 0 [0263.236] GetCapture () returned 0x0 [0263.239] SetCapture (hWnd=0xa0050) returned 0x0 [0263.239] GetKeyState (nVirtKey=1) returned -127 [0263.239] GetKeyState (nVirtKey=2) returned 0 [0263.239] GetKeyState (nVirtKey=4) returned 0 [0263.240] GetKeyState (nVirtKey=5) returned 0 [0263.240] GetKeyState (nVirtKey=6) returned 0 [0263.241] NotifyWinEvent (event=0x800a, hwnd=0xa0050, idObject=-4, idChild=0) [0263.242] InvalidateRect (hWnd=0xa0050, lpRect=0x15e6f0, bErase=0) returned 1 [0263.242] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0263.242] IsWindowUnicode (hWnd=0xa0050) returned 1 [0263.242] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0263.243] TranslateMessage (lpMsg=0x15ee30) returned 0 [0263.243] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0263.243] MapWindowPoints (in: hWndFrom=0xa0050, hWndTo=0x0, lpPoints=0x21984c8, cPoints=0x1 | out: lpPoints=0x21984c8) returned 36962601 [0263.243] NotifyWinEvent (event=0x800a, hwnd=0xa0050, idObject=-4, idChild=0) [0263.243] InvalidateRect (hWnd=0xa0050, lpRect=0x15e610, bErase=0) returned 1 [0263.246] UpdateWindow (hWnd=0xa0050) returned 1 [0263.246] BeginPaint (in: hWnd=0xa0050, lpPaint=0x15dd18 | out: lpPaint=0x15dd18) returned 0x580108aa [0263.247] SelectPalette (hdc=0x580108aa, hPal=0x5308094c, bForceBkgd=1) returned 0x88000b [0263.247] CreateCompatibleDC (hdc=0x580108aa) returned 0x3e0108ef [0263.247] SelectObject (hdc=0x3e0108ef, h=0xffffffffaf0505b7) returned 0x85000f [0263.247] GdipCreateFromHDC (hdc=0x3e0108ef, graphics=0x15dc88) returned 0x0 [0263.248] GdipTranslateWorldTransform (graphics=0x1c5789b0, dx=0x7ffa837b8354, dy=0x2adc743b6b29, order=0x0) returned 0x0 [0263.249] GdipSetClipRectI (graphics=0x1c5789b0, x=0, y=0, width=208, height=47, combineMode=0x0) returned 0x0 [0263.250] GdipCreateMatrix (matrix=0x15dcc0) returned 0x0 [0263.250] GdipGetWorldTransform (graphics=0x1c5789b0, matrix=0x1c572470) returned 0x0 [0263.250] GdipIsMatrixIdentity (matrix=0x1c572470, result=0x15dd28) returned 0x0 [0263.250] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df74f60 [0263.250] GdipGetMatrixElements (matrix=0x1c572470, matrixOut=0x1df74f60) returned 0x0 [0263.251] LocalFree (hMem=0x1df74f60) returned 0x0 [0263.251] GdipDeleteMatrix (matrix=0x1c572470) returned 0x0 [0263.251] GdipCreateRegion (region=0x15dcc0) returned 0x0 [0263.251] GdipGetClip (graphics=0x1c5789b0, region=0x1c578fb0) returned 0x0 [0263.252] GdipIsInfiniteRegion (region=0x1c578fb0, graphics=0x1c5789b0, result=0x15dd20) returned 0x0 [0263.252] GdipSaveGraphics (graphics=0x1c5789b0, state=0x15ddc0) returned 0x0 [0263.252] GdipRestoreGraphics (graphics=0x1c5789b0, state=0xfffffffffda60dbd) returned 0x0 [0263.252] GdipDeleteRegion (region=0x1c578fb0) returned 0x0 [0263.253] GdipGetDC (graphics=0x1c5789b0, hdc=0x15d9c8) returned 0x0 [0263.254] GetCurrentObject (hdc=0x3e0108ef, type=0x1) returned 0xb00017 [0263.254] GetCurrentObject (hdc=0x3e0108ef, type=0x2) returned 0x900010 [0263.254] GetCurrentObject (hdc=0x3e0108ef, type=0x7) returned 0xffffffffaf0505b7 [0263.254] GetCurrentObject (hdc=0x3e0108ef, type=0x6) returned 0x58a00b4 [0263.255] SaveDC (hdc=0x3e0108ef) returned 1 [0263.256] GetNearestColor (hdc=0x3e0108ef, color=0xdbcdbf) returned 0xdbcdbf [0263.256] GetNearestColor (hdc=0x3e0108ef, color=0x574431) returned 0x574431 [0263.256] GetNearestColor (hdc=0x3e0108ef, color=0x0) returned 0x0 [0263.256] GetNearestColor (hdc=0x3e0108ef, color=0x574431) returned 0x574431 [0263.256] GetNearestColor (hdc=0x3e0108ef, color=0x0) returned 0x0 [0263.256] GetNearestColor (hdc=0x3e0108ef, color=0xede7e0) returned 0xede7e0 [0263.257] GetNearestColor (hdc=0x3e0108ef, color=0xd5cfc9) returned 0xd5cfc9 [0263.257] GetNearestColor (hdc=0x3e0108ef, color=0xc5b8ab) returned 0xc5b8ab [0263.257] GetNearestColor (hdc=0x3e0108ef, color=0x0) returned 0x0 [0263.257] GetNearestColor (hdc=0x3e0108ef, color=0x574431) returned 0x574431 [0263.257] RestoreDC (hdc=0x3e0108ef, nSavedDC=-1) returned 1 [0263.257] GdipReleaseDC (graphics=0x1c5789b0, hdc=0x3e0108ef) returned 0x0 [0263.257] IsAppThemed () returned 0x1 [0263.257] GetThemeAppProperties () returned 0x3 [0263.258] IsAppThemed () returned 0x1 [0263.259] GetThemeAppProperties () returned 0x3 [0263.259] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="Decrypt Files", cchText=13, lprc=0x15d6d8, format=0x102415, lpdtp=0x2198ce8 | out: lpchText="Decrypt Files", lprc=0x15d6d8) returned 20 [0263.259] IsAppThemed () returned 0x1 [0263.260] GetThemeAppProperties () returned 0x3 [0263.260] IsAppThemed () returned 0x1 [0263.260] GetThemeAppProperties () returned 0x3 [0263.260] IsAppThemed () returned 0x1 [0263.260] GetThemeAppProperties () returned 0x3 [0263.260] IsAppThemed () returned 0x1 [0263.261] GetThemeAppProperties () returned 0x3 [0263.261] IsThemePartDefined () returned 0x1 [0263.261] IsAppThemed () returned 0x1 [0263.261] GetThemeAppProperties () returned 0x3 [0263.261] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0263.261] IsAppThemed () returned 0x1 [0263.261] GetThemeAppProperties () returned 0x3 [0263.261] IsAppThemed () returned 0x1 [0263.261] GetThemeAppProperties () returned 0x3 [0263.261] IsThemePartDefined () returned 0x1 [0263.262] GdipCreateRegion (region=0x15d700) returned 0x0 [0263.262] GdipGetClip (graphics=0x1c5789b0, region=0x1c578fb0) returned 0x0 [0263.263] GdipCreateMatrix (matrix=0x15d700) returned 0x0 [0263.263] GdipGetWorldTransform (graphics=0x1c5789b0, matrix=0x1c578d90) returned 0x0 [0263.263] GdipIsMatrixIdentity (matrix=0x1c578d90, result=0x15d768) returned 0x0 [0263.263] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df754e0 [0263.263] GdipGetMatrixElements (matrix=0x1c578d90, matrixOut=0x1df754e0) returned 0x0 [0263.264] LocalFree (hMem=0x1df754e0) returned 0x0 [0263.264] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df75220 [0263.264] GdipGetMatrixElements (matrix=0x1c578d90, matrixOut=0x1df75220) returned 0x0 [0263.264] LocalFree (hMem=0x1df75220) returned 0x0 [0263.264] GdipDeleteMatrix (matrix=0x1c578d90) returned 0x0 [0263.264] GdipIsInfiniteRegion (region=0x1c578fb0, graphics=0x1c5789b0, result=0x15d7c0) returned 0x0 [0263.264] GdipIsInfiniteRegion (region=0x1c578fb0, graphics=0x1c5789b0, result=0x15d780) returned 0x0 [0263.265] GdipGetRegionHRgn (region=0x1c578fb0, graphics=0x1c5789b0, hRgn=0x15d780) returned 0x0 [0263.265] GdipDeleteRegion (region=0x1c578fb0) returned 0x0 [0263.265] GdipGetDC (graphics=0x1c5789b0, hdc=0x15d7c8) returned 0x0 [0263.266] GetCurrentObject (hdc=0x3e0108ef, type=0x1) returned 0xb00017 [0263.266] GetCurrentObject (hdc=0x3e0108ef, type=0x2) returned 0x900010 [0263.266] GetCurrentObject (hdc=0x3e0108ef, type=0x7) returned 0xffffffffaf0505b7 [0263.266] GetCurrentObject (hdc=0x3e0108ef, type=0x6) returned 0x58a00b4 [0263.267] SaveDC (hdc=0x3e0108ef) returned 1 [0263.269] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x9104091d [0263.269] GetClipRgn (hdc=0x3e0108ef, hrgn=0x9104091d) returned 0 [0263.269] SelectClipRgn (hdc=0x3e0108ef, hrgn=0x640408db) returned 2 [0263.269] DeleteObject (ho=0x9104091d) returned 1 [0263.269] DeleteObject (ho=0x640408db) returned 1 [0263.269] OffsetViewportOrgEx (in: hdc=0x3e0108ef, x=0, y=0, lppt=0x2199428 | out: lppt=0x2199428) returned 1 [0263.269] DrawThemeParentBackground () returned 0x0 [0263.270] GetWindowPlacement (in: hWnd=0x40376, lpwndpl=0x15d268 | out: lpwndpl=0x15d268) returned 1 [0263.270] GetClientRect (in: hWnd=0x40376, lpRect=0x15d1b0 | out: lpRect=0x15d1b0) returned 1 [0263.270] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0263.270] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0263.271] GetSystemMetrics (nIndex=42) returned 0 [0263.271] GetWindowTextW (in: hWnd=0x40376, lpString=0x15cf00, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0263.271] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15cf00) returned 0xb [0263.271] GetClientRect (in: hWnd=0x40376, lpRect=0x15cf78 | out: lpRect=0x15cf78) returned 1 [0263.272] GetCurrentObject (hdc=0x3e0108ef, type=0x1) returned 0xb00017 [0263.272] GetCurrentObject (hdc=0x3e0108ef, type=0x2) returned 0x900010 [0263.272] GetCurrentObject (hdc=0x3e0108ef, type=0x7) returned 0xffffffffaf0505b7 [0263.272] GetCurrentObject (hdc=0x3e0108ef, type=0x6) returned 0x58a00b4 [0263.273] SaveDC (hdc=0x3e0108ef) returned 2 [0263.273] GetNearestColor (hdc=0x3e0108ef, color=0x80) returned 0x80 [0263.274] CreateSolidBrush (color=0x80) returned 0x7a1008a6 [0263.274] FillRect (hDC=0x3e0108ef, lprc=0x15cc60, hbr=0x7a1008a6) returned 1 [0263.274] DeleteObject (ho=0x7a1008a6) returned 1 [0263.274] RestoreDC (hdc=0x3e0108ef, nSavedDC=-1) returned 1 [0263.275] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0263.276] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0263.276] GetSystemMetrics (nIndex=42) returned 0 [0263.276] GetWindowTextW (in: hWnd=0x40376, lpString=0x15ce70, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0263.276] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15ce70) returned 0xb [0263.277] GetClientRect (in: hWnd=0x40376, lpRect=0x15cee8 | out: lpRect=0x15cee8) returned 1 [0263.277] GetCurrentObject (hdc=0x3e0108ef, type=0x1) returned 0xb00017 [0263.277] GetCurrentObject (hdc=0x3e0108ef, type=0x2) returned 0x900010 [0263.278] GetCurrentObject (hdc=0x3e0108ef, type=0x7) returned 0xffffffffaf0505b7 [0263.278] GetCurrentObject (hdc=0x3e0108ef, type=0x6) returned 0x58a00b4 [0263.279] SaveDC (hdc=0x3e0108ef) returned 2 [0263.279] GetNearestColor (hdc=0x3e0108ef, color=0x80) returned 0x80 [0263.279] CreateSolidBrush (color=0x80) returned 0x7b1008a6 [0263.280] FillRect (hDC=0x3e0108ef, lprc=0x15cbd0, hbr=0x7b1008a6) returned 1 [0263.280] DeleteObject (ho=0x7b1008a6) returned 1 [0263.280] RestoreDC (hdc=0x3e0108ef, nSavedDC=-1) returned 1 [0263.280] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0263.280] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0263.280] GetSystemMetrics (nIndex=42) returned 0 [0263.280] GetWindowTextW (in: hWnd=0x40376, lpString=0x15ce70, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0263.280] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15ce70) returned 0xb [0263.281] RestoreDC (hdc=0x3e0108ef, nSavedDC=-1) returned 1 [0263.281] GdipReleaseDC (graphics=0x1c5789b0, hdc=0x3e0108ef) returned 0x0 [0263.281] IsAppThemed () returned 0x1 [0263.281] GetThemeAppProperties () returned 0x3 [0263.282] IsAppThemed () returned 0x1 [0263.282] GetThemeAppProperties () returned 0x3 [0263.282] IsThemePartDefined () returned 0x1 [0263.282] GdipCreateRegion (region=0x15d690) returned 0x0 [0263.283] GdipGetClip (graphics=0x1c5789b0, region=0x1c578fb0) returned 0x0 [0263.283] GdipCreateMatrix (matrix=0x15d690) returned 0x0 [0263.283] GdipGetWorldTransform (graphics=0x1c5789b0, matrix=0x1c572470) returned 0x0 [0263.283] GdipIsMatrixIdentity (matrix=0x1c572470, result=0x15d6f8) returned 0x0 [0263.283] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df74b60 [0263.283] GdipGetMatrixElements (matrix=0x1c572470, matrixOut=0x1df74b60) returned 0x0 [0263.284] LocalFree (hMem=0x1df74b60) returned 0x0 [0263.284] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df75420 [0263.284] GdipGetMatrixElements (matrix=0x1c572470, matrixOut=0x1df75420) returned 0x0 [0263.285] LocalFree (hMem=0x1df75420) returned 0x0 [0263.285] GdipDeleteMatrix (matrix=0x1c572470) returned 0x0 [0263.285] GdipIsInfiniteRegion (region=0x1c578fb0, graphics=0x1c5789b0, result=0x15d750) returned 0x0 [0263.285] GdipIsInfiniteRegion (region=0x1c578fb0, graphics=0x1c5789b0, result=0x15d710) returned 0x0 [0263.285] GdipGetRegionHRgn (region=0x1c578fb0, graphics=0x1c5789b0, hRgn=0x15d710) returned 0x0 [0263.285] GdipDeleteRegion (region=0x1c578fb0) returned 0x0 [0263.286] GdipGetDC (graphics=0x1c5789b0, hdc=0x15d758) returned 0x0 [0263.286] GetCurrentObject (hdc=0x3e0108ef, type=0x1) returned 0xb00017 [0263.286] GetCurrentObject (hdc=0x3e0108ef, type=0x2) returned 0x900010 [0263.286] GetCurrentObject (hdc=0x3e0108ef, type=0x7) returned 0xffffffffaf0505b7 [0263.286] GetCurrentObject (hdc=0x3e0108ef, type=0x6) returned 0x58a00b4 [0263.288] SaveDC (hdc=0x3e0108ef) returned 1 [0263.288] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x650408db [0263.288] GetClipRgn (hdc=0x3e0108ef, hrgn=0x650408db) returned 0 [0263.289] SelectClipRgn (hdc=0x3e0108ef, hrgn=0x9304091d) returned 2 [0263.289] DeleteObject (ho=0x650408db) returned 1 [0263.289] DeleteObject (ho=0x9304091d) returned 1 [0263.289] OffsetViewportOrgEx (in: hdc=0x3e0108ef, x=0, y=0, lppt=0x219a128 | out: lppt=0x219a128) returned 1 [0263.289] IsAppThemed () returned 0x1 [0263.290] GetThemeAppProperties () returned 0x3 [0263.290] DrawThemeBackground () returned 0x0 [0263.290] RestoreDC (hdc=0x3e0108ef, nSavedDC=-1) returned 1 [0263.291] GdipReleaseDC (graphics=0x1c5789b0, hdc=0x3e0108ef) returned 0x0 [0263.293] GdipCreateRegion (region=0x15d690) returned 0x0 [0263.293] GdipGetClip (graphics=0x1c5789b0, region=0x1c578fb0) returned 0x0 [0263.293] GdipCreateMatrix (matrix=0x15d690) returned 0x0 [0263.293] GdipGetWorldTransform (graphics=0x1c5789b0, matrix=0x1c578d90) returned 0x0 [0263.293] GdipIsMatrixIdentity (matrix=0x1c578d90, result=0x15d6f8) returned 0x0 [0263.294] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df754a0 [0263.294] GdipGetMatrixElements (matrix=0x1c578d90, matrixOut=0x1df754a0) returned 0x0 [0263.294] LocalFree (hMem=0x1df754a0) returned 0x0 [0263.294] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df75160 [0263.294] GdipGetMatrixElements (matrix=0x1c578d90, matrixOut=0x1df75160) returned 0x0 [0263.295] LocalFree (hMem=0x1df75160) returned 0x0 [0263.295] GdipDeleteMatrix (matrix=0x1c578d90) returned 0x0 [0263.295] GdipIsInfiniteRegion (region=0x1c578fb0, graphics=0x1c5789b0, result=0x15d750) returned 0x0 [0263.296] GdipIsInfiniteRegion (region=0x1c578fb0, graphics=0x1c5789b0, result=0x15d710) returned 0x0 [0263.296] GdipGetRegionHRgn (region=0x1c578fb0, graphics=0x1c5789b0, hRgn=0x15d710) returned 0x0 [0263.297] GdipDeleteRegion (region=0x1c578fb0) returned 0x0 [0263.297] GdipGetDC (graphics=0x1c5789b0, hdc=0x15d758) returned 0x0 [0263.298] GetCurrentObject (hdc=0x3e0108ef, type=0x1) returned 0xb00017 [0263.298] GetCurrentObject (hdc=0x3e0108ef, type=0x2) returned 0x900010 [0263.298] GetCurrentObject (hdc=0x3e0108ef, type=0x7) returned 0xffffffffaf0505b7 [0263.298] GetCurrentObject (hdc=0x3e0108ef, type=0x6) returned 0x58a00b4 [0263.301] SaveDC (hdc=0x3e0108ef) returned 1 [0263.303] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x9404091d [0263.303] GetClipRgn (hdc=0x3e0108ef, hrgn=0x9404091d) returned 0 [0263.303] SelectClipRgn (hdc=0x3e0108ef, hrgn=0x660408db) returned 2 [0263.303] DeleteObject (ho=0x9404091d) returned 1 [0263.304] DeleteObject (ho=0x660408db) returned 1 [0263.304] OffsetViewportOrgEx (in: hdc=0x3e0108ef, x=0, y=0, lppt=0x219a5c0 | out: lppt=0x219a5c0) returned 1 [0263.304] IsAppThemed () returned 0x1 [0263.304] GetThemeAppProperties () returned 0x3 [0263.304] GetThemeBackgroundContentRect () returned 0x0 [0263.305] RestoreDC (hdc=0x3e0108ef, nSavedDC=-1) returned 1 [0263.305] GdipReleaseDC (graphics=0x1c5789b0, hdc=0x3e0108ef) returned 0x0 [0263.306] GdipGetNearestColor (graphics=0x1c5789b0, argb=0x15d998) returned 0x0 [0263.309] GdipCreateSolidFill (color=0xffffffffffbfcddb, brush=0x15d980) returned 0x0 [0263.310] GdipFillRectangleI (graphics=0x1c5789b0, brush=0x1c57b240, x=4, y=4, width=200, height=39) returned 0x0 [0263.311] GdipDeleteBrush (brush=0x1c57b240) returned 0x0 [0263.311] IsAppThemed () returned 0x1 [0263.311] GetThemeAppProperties () returned 0x3 [0263.311] GdipGetTextRenderingHint (graphics=0x1c5789b0, mode=0x15d988) returned 0x0 [0263.312] GdipGetDC (graphics=0x1c5789b0, hdc=0x15d978) returned 0x0 [0263.312] GetCurrentObject (hdc=0x3e0108ef, type=0x1) returned 0xb00017 [0263.313] GetCurrentObject (hdc=0x3e0108ef, type=0x2) returned 0x900010 [0263.313] GetCurrentObject (hdc=0x3e0108ef, type=0x7) returned 0xffffffffaf0505b7 [0263.313] GetCurrentObject (hdc=0x3e0108ef, type=0x6) returned 0x58a00b4 [0263.314] SaveDC (hdc=0x3e0108ef) returned 1 [0263.315] GetTextAlign (hdc=0x3e0108ef) returned 0x0 [0263.315] GetTextColor (hdc=0x3e0108ef) returned 0x0 [0263.315] GetCurrentObject (hdc=0x3e0108ef, type=0x6) returned 0x58a00b4 [0263.316] GetObjectW (in: h=0x58a00b4, c=92, pv=0x15d470 | out: pv=0x15d470) returned 92 [0263.317] SelectObject (hdc=0x3e0108ef, h=0xffffffff8b0a094b) returned 0x58a00b4 [0263.317] GetBkMode (hdc=0x3e0108ef) returned 2 [0263.317] SetBkMode (hdc=0x3e0108ef, mode=1) returned 2 [0263.318] DrawTextExW (in: hdc=0x3e0108ef, lpchText="Decrypt Files", cchText=13, lprc=0x15d6c8, format=0x102415, lpdtp=0x219aa78 | out: lpchText="Decrypt Files", lprc=0x15d6c8) returned 20 [0263.318] DrawTextExW (in: hdc=0x3e0108ef, lpchText="Decrypt Files", cchText=13, lprc=0x15d8f8, format=0x102015, lpdtp=0x219aa78 | out: lpchText="Decrypt Files", lprc=0x15d8f8) returned 20 [0263.320] RestoreDC (hdc=0x3e0108ef, nSavedDC=-1) returned 1 [0263.320] GdipReleaseDC (graphics=0x1c5789b0, hdc=0x3e0108ef) returned 0x0 [0263.320] GetFocus () returned 0xa0050 [0263.321] IsAppThemed () returned 0x1 [0263.321] GetThemeAppProperties () returned 0x3 [0263.321] GdipGetDC (graphics=0x1c5789b0, hdc=0x15dcd8) returned 0x0 [0263.321] BitBlt (hdc=0x580108aa, x=0, y=0, cx=208, cy=47, hdcSrc=0x3e0108ef, x1=0, y1=0, rop=0xcc0020) returned 1 [0263.327] GdipReleaseDC (graphics=0x1c5789b0, hdc=0x3e0108ef) returned 0x0 [0263.327] SelectPalette (hdc=0x580108aa, hPal=0x88000b, bForceBkgd=0) returned 0x5308094c [0263.327] SelectObject (hdc=0x3e0108ef, h=0x85000f) returned 0xffffffffaf0505b7 [0263.327] DeleteDC (hdc=0x3e0108ef) returned 1 [0263.327] GdipDeleteGraphics (graphics=0x1c5789b0) returned 0x0 [0263.327] EndPaint (hWnd=0xa0050, lpPaint=0x15dcb8) returned 1 [0263.328] MapWindowPoints (in: hWndFrom=0xa0050, hWndTo=0x0, lpPoints=0x219ab60, cPoints=0x1 | out: lpPoints=0x219ab60) returned 36962601 [0263.328] WindowFromPoint (Point=0x24500000182) returned 0xa0050 [0263.329] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x84, wParam=0x0, lParam=0x2450182) returned 0x1 [0263.335] NotifyWinEvent (event=0x800a, hwnd=0xa0050, idObject=-4, idChild=0) [0263.335] NotifyWinEvent (event=0x800c, hwnd=0xa0050, idObject=-4, idChild=0) [0263.431] GetWindowTextLengthW (hWnd=0x80386) returned 0 [0263.431] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0263.434] GetSystemMetrics (nIndex=42) returned 0 [0263.434] GetWindowTextW (in: hWnd=0x80386, lpString=0x15e3f0, nMaxCount=1 | out: lpString="") returned 0 [0263.434] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0xd, wParam=0x1, lParam=0x15e3f0) returned 0x0 [0263.441] GetWindowTextLengthW (hWnd=0x80386) returned 0 [0263.441] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0263.441] GetSystemMetrics (nIndex=42) returned 0 [0263.441] GetWindowTextW (in: hWnd=0x80386, lpString=0x15e3b0, nMaxCount=1 | out: lpString="") returned 0 [0263.441] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0xd, wParam=0x1, lParam=0x15e3b0) returned 0x0 [0263.441] GetWindowTextLengthW (hWnd=0xa0050) returned 13 [0263.441] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xd [0263.442] GetSystemMetrics (nIndex=42) returned 0 [0263.442] GetWindowTextW (in: hWnd=0xa0050, lpString=0x15e360, nMaxCount=14 | out: lpString="Decrypt Files") returned 13 [0263.442] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0xd, wParam=0xe, lParam=0x15e360) returned 0xd [0263.442] SetWindowTextW (hWnd=0xa0050, lpString="Wrong Password..buy it..") returned 1 [0263.442] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0xc, wParam=0x0, lParam=0x219c7a4) returned 0x1 [0263.443] GetStockObject (i=5) returned 0x900015 [0263.444] GetStockObject (i=5) returned 0x900015 [0263.444] GetDlgItem (hDlg=0x40376, nIDDlgItem=655440) returned 0xa0050 [0263.444] SendMessageW (hWnd=0xa0050, Msg=0x202b, wParam=0xa0050, lParam=0x15d8a0) returned 0x0 [0263.444] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x202b, wParam=0xa0050, lParam=0x15d8a0) returned 0x0 [0263.445] InvalidateRect (hWnd=0xa0050, lpRect=0x0, bErase=0) returned 1 [0263.445] GetCapture () returned 0xa0050 [0263.446] ReleaseCapture () returned 1 [0263.448] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x215, wParam=0x0, lParam=0x0) returned 0x0 [0263.448] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0263.448] IsWindowUnicode (hWnd=0xa0050) returned 1 [0263.448] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0263.448] TranslateMessage (lpMsg=0x15ee30) returned 0 [0263.448] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0263.449] BeginPaint (in: hWnd=0xa0050, lpPaint=0x15e468 | out: lpPaint=0x15e468) returned 0x580108aa [0263.449] SelectPalette (hdc=0x580108aa, hPal=0x5308094c, bForceBkgd=1) returned 0x88000b [0263.449] CreateCompatibleDC (hdc=0x580108aa) returned 0x3f0108ef [0263.449] SelectObject (hdc=0x3f0108ef, h=0xffffffffaf0505b7) returned 0x85000f [0263.449] GdipCreateFromHDC (hdc=0x3f0108ef, graphics=0x15e3d8) returned 0x0 [0263.450] GdipTranslateWorldTransform (graphics=0x1c5789b0, dx=0x7ffa837b8354, dy=0x2adc743b6b29, order=0x0) returned 0x0 [0263.450] GdipSetClipRectI (graphics=0x1c5789b0, x=0, y=0, width=208, height=47, combineMode=0x0) returned 0x0 [0263.451] GdipCreateMatrix (matrix=0x15e410) returned 0x0 [0263.451] GdipGetWorldTransform (graphics=0x1c5789b0, matrix=0x1c572470) returned 0x0 [0263.451] GdipIsMatrixIdentity (matrix=0x1c572470, result=0x15e478) returned 0x0 [0263.451] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df75620 [0263.452] GdipGetMatrixElements (matrix=0x1c572470, matrixOut=0x1df75620) returned 0x0 [0263.452] LocalFree (hMem=0x1df75620) returned 0x0 [0263.452] GdipDeleteMatrix (matrix=0x1c572470) returned 0x0 [0263.453] GdipCreateRegion (region=0x15e410) returned 0x0 [0263.453] GdipGetClip (graphics=0x1c5789b0, region=0x1c578e60) returned 0x0 [0263.453] GdipIsInfiniteRegion (region=0x1c578e60, graphics=0x1c5789b0, result=0x15e470) returned 0x0 [0263.453] GdipSaveGraphics (graphics=0x1c5789b0, state=0x15e510) returned 0x0 [0263.454] GdipRestoreGraphics (graphics=0x1c5789b0, state=0xfffffffffda40dbd) returned 0x0 [0263.454] GdipDeleteRegion (region=0x1c578e60) returned 0x0 [0263.454] GdipGetDC (graphics=0x1c5789b0, hdc=0x15e118) returned 0x0 [0263.454] GetCurrentObject (hdc=0x3f0108ef, type=0x1) returned 0xb00017 [0263.454] GetCurrentObject (hdc=0x3f0108ef, type=0x2) returned 0x900010 [0263.455] GetCurrentObject (hdc=0x3f0108ef, type=0x7) returned 0xffffffffaf0505b7 [0263.455] GetCurrentObject (hdc=0x3f0108ef, type=0x6) returned 0x58a00b4 [0263.456] SaveDC (hdc=0x3f0108ef) returned 1 [0263.456] GetNearestColor (hdc=0x3f0108ef, color=0xdbcdbf) returned 0xdbcdbf [0263.456] GetNearestColor (hdc=0x3f0108ef, color=0x574431) returned 0x574431 [0263.456] GetNearestColor (hdc=0x3f0108ef, color=0x0) returned 0x0 [0263.457] GetNearestColor (hdc=0x3f0108ef, color=0x574431) returned 0x574431 [0263.457] GetNearestColor (hdc=0x3f0108ef, color=0x0) returned 0x0 [0263.457] GetNearestColor (hdc=0x3f0108ef, color=0xede7e0) returned 0xede7e0 [0263.457] GetNearestColor (hdc=0x3f0108ef, color=0xd5cfc9) returned 0xd5cfc9 [0263.457] GetNearestColor (hdc=0x3f0108ef, color=0xc5b8ab) returned 0xc5b8ab [0263.457] GetNearestColor (hdc=0x3f0108ef, color=0x0) returned 0x0 [0263.457] GetNearestColor (hdc=0x3f0108ef, color=0x574431) returned 0x574431 [0263.457] RestoreDC (hdc=0x3f0108ef, nSavedDC=-1) returned 1 [0263.457] GdipReleaseDC (graphics=0x1c5789b0, hdc=0x3f0108ef) returned 0x0 [0263.458] IsAppThemed () returned 0x1 [0263.458] GetThemeAppProperties () returned 0x3 [0263.458] IsAppThemed () returned 0x1 [0263.458] GetThemeAppProperties () returned 0x3 [0263.458] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="Wrong Password..buy it..", cchText=24, lprc=0x15de28, format=0x102415, lpdtp=0x219d308 | out: lpchText="Wrong Password..buy it..", lprc=0x15de28) returned 20 [0263.458] IsAppThemed () returned 0x1 [0263.458] GetThemeAppProperties () returned 0x3 [0263.459] IsAppThemed () returned 0x1 [0263.459] GetThemeAppProperties () returned 0x3 [0263.459] IsAppThemed () returned 0x1 [0263.459] GetThemeAppProperties () returned 0x3 [0263.459] IsAppThemed () returned 0x1 [0263.460] GetThemeAppProperties () returned 0x3 [0263.460] IsThemePartDefined () returned 0x1 [0263.460] IsAppThemed () returned 0x1 [0263.460] GetThemeAppProperties () returned 0x3 [0263.460] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0263.460] IsAppThemed () returned 0x1 [0263.460] GetThemeAppProperties () returned 0x3 [0263.460] IsAppThemed () returned 0x1 [0263.460] GetThemeAppProperties () returned 0x3 [0263.460] IsThemePartDefined () returned 0x1 [0263.461] GdipCreateRegion (region=0x15de50) returned 0x0 [0263.461] GdipGetClip (graphics=0x1c5789b0, region=0x1c578e60) returned 0x0 [0263.461] GdipCreateMatrix (matrix=0x15de50) returned 0x0 [0263.462] GdipGetWorldTransform (graphics=0x1c5789b0, matrix=0x1c578d90) returned 0x0 [0263.462] GdipIsMatrixIdentity (matrix=0x1c578d90, result=0x15deb8) returned 0x0 [0263.462] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df74e20 [0263.462] GdipGetMatrixElements (matrix=0x1c578d90, matrixOut=0x1df74e20) returned 0x0 [0263.462] LocalFree (hMem=0x1df74e20) returned 0x0 [0263.465] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df75620 [0263.465] GdipGetMatrixElements (matrix=0x1c578d90, matrixOut=0x1df75620) returned 0x0 [0263.466] LocalFree (hMem=0x1df75620) returned 0x0 [0263.466] GdipDeleteMatrix (matrix=0x1c578d90) returned 0x0 [0263.466] GdipIsInfiniteRegion (region=0x1c578e60, graphics=0x1c5789b0, result=0x15df10) returned 0x0 [0263.466] GdipIsInfiniteRegion (region=0x1c578e60, graphics=0x1c5789b0, result=0x15ded0) returned 0x0 [0263.466] GdipGetRegionHRgn (region=0x1c578e60, graphics=0x1c5789b0, hRgn=0x15ded0) returned 0x0 [0263.466] GdipDeleteRegion (region=0x1c578e60) returned 0x0 [0263.466] GdipGetDC (graphics=0x1c5789b0, hdc=0x15df18) returned 0x0 [0263.467] GetCurrentObject (hdc=0x3f0108ef, type=0x1) returned 0xb00017 [0263.467] GetCurrentObject (hdc=0x3f0108ef, type=0x2) returned 0x900010 [0263.467] GetCurrentObject (hdc=0x3f0108ef, type=0x7) returned 0xffffffffaf0505b7 [0263.467] GetCurrentObject (hdc=0x3f0108ef, type=0x6) returned 0x58a00b4 [0263.468] SaveDC (hdc=0x3f0108ef) returned 1 [0263.469] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x670408db [0263.469] GetClipRgn (hdc=0x3f0108ef, hrgn=0x670408db) returned 0 [0263.469] SelectClipRgn (hdc=0x3f0108ef, hrgn=0x9804091d) returned 2 [0263.469] DeleteObject (ho=0x670408db) returned 1 [0263.469] DeleteObject (ho=0x9804091d) returned 1 [0263.469] OffsetViewportOrgEx (in: hdc=0x3f0108ef, x=0, y=0, lppt=0x219da48 | out: lppt=0x219da48) returned 1 [0263.469] DrawThemeParentBackground () returned 0x0 [0263.470] GetWindowPlacement (in: hWnd=0x40376, lpwndpl=0x15d9b8 | out: lpwndpl=0x15d9b8) returned 1 [0263.470] GetClientRect (in: hWnd=0x40376, lpRect=0x15d900 | out: lpRect=0x15d900) returned 1 [0263.470] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0263.470] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0263.470] GetSystemMetrics (nIndex=42) returned 0 [0263.470] GetWindowTextW (in: hWnd=0x40376, lpString=0x15d650, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0263.470] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15d650) returned 0xb [0263.471] GetClientRect (in: hWnd=0x40376, lpRect=0x15d6c8 | out: lpRect=0x15d6c8) returned 1 [0263.471] GetCurrentObject (hdc=0x3f0108ef, type=0x1) returned 0xb00017 [0263.471] GetCurrentObject (hdc=0x3f0108ef, type=0x2) returned 0x900010 [0263.471] GetCurrentObject (hdc=0x3f0108ef, type=0x7) returned 0xffffffffaf0505b7 [0263.471] GetCurrentObject (hdc=0x3f0108ef, type=0x6) returned 0x58a00b4 [0263.472] SaveDC (hdc=0x3f0108ef) returned 2 [0263.472] GetNearestColor (hdc=0x3f0108ef, color=0x80) returned 0x80 [0263.473] CreateSolidBrush (color=0x80) returned 0x7c1008a6 [0263.473] FillRect (hDC=0x3f0108ef, lprc=0x15d3b0, hbr=0x7c1008a6) returned 1 [0263.473] DeleteObject (ho=0x7c1008a6) returned 1 [0263.473] RestoreDC (hdc=0x3f0108ef, nSavedDC=-1) returned 1 [0263.474] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0263.474] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0263.474] GetSystemMetrics (nIndex=42) returned 0 [0263.474] GetWindowTextW (in: hWnd=0x40376, lpString=0x15d5c0, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0263.474] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15d5c0) returned 0xb [0263.474] GetClientRect (in: hWnd=0x40376, lpRect=0x15d638 | out: lpRect=0x15d638) returned 1 [0263.475] GetCurrentObject (hdc=0x3f0108ef, type=0x1) returned 0xb00017 [0263.475] GetCurrentObject (hdc=0x3f0108ef, type=0x2) returned 0x900010 [0263.475] GetCurrentObject (hdc=0x3f0108ef, type=0x7) returned 0xffffffffaf0505b7 [0263.475] GetCurrentObject (hdc=0x3f0108ef, type=0x6) returned 0x58a00b4 [0263.476] SaveDC (hdc=0x3f0108ef) returned 2 [0263.476] GetNearestColor (hdc=0x3f0108ef, color=0x80) returned 0x80 [0263.477] CreateSolidBrush (color=0x80) returned 0x7d1008a6 [0263.477] FillRect (hDC=0x3f0108ef, lprc=0x15d320, hbr=0x7d1008a6) returned 1 [0263.477] DeleteObject (ho=0x7d1008a6) returned 1 [0263.477] RestoreDC (hdc=0x3f0108ef, nSavedDC=-1) returned 1 [0263.477] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0263.477] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0263.477] GetSystemMetrics (nIndex=42) returned 0 [0263.477] GetWindowTextW (in: hWnd=0x40376, lpString=0x15d5c0, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0263.477] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15d5c0) returned 0xb [0263.555] RestoreDC (hdc=0x3f0108ef, nSavedDC=-1) returned 1 [0263.555] GdipReleaseDC (graphics=0x1c5789b0, hdc=0x3f0108ef) returned 0x0 [0263.555] IsAppThemed () returned 0x1 [0263.556] GetThemeAppProperties () returned 0x3 [0263.556] IsAppThemed () returned 0x1 [0263.556] GetThemeAppProperties () returned 0x3 [0263.556] IsThemePartDefined () returned 0x1 [0263.558] GdipCreateRegion (region=0x15dde0) returned 0x0 [0263.558] GdipGetClip (graphics=0x1c5789b0, region=0x1c578e60) returned 0x0 [0263.558] GdipCreateMatrix (matrix=0x15dde0) returned 0x0 [0263.558] GdipGetWorldTransform (graphics=0x1c5789b0, matrix=0x1c572470) returned 0x0 [0263.558] GdipIsMatrixIdentity (matrix=0x1c572470, result=0x15de48) returned 0x0 [0263.559] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df75220 [0263.559] GdipGetMatrixElements (matrix=0x1c572470, matrixOut=0x1df75220) returned 0x0 [0263.560] LocalFree (hMem=0x1df75220) returned 0x0 [0263.560] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df74d60 [0263.560] GdipGetMatrixElements (matrix=0x1c572470, matrixOut=0x1df74d60) returned 0x0 [0263.561] LocalFree (hMem=0x1df74d60) returned 0x0 [0263.561] GdipDeleteMatrix (matrix=0x1c572470) returned 0x0 [0263.561] GdipIsInfiniteRegion (region=0x1c578e60, graphics=0x1c5789b0, result=0x15dea0) returned 0x0 [0263.561] GdipIsInfiniteRegion (region=0x1c578e60, graphics=0x1c5789b0, result=0x15de60) returned 0x0 [0263.561] GdipGetRegionHRgn (region=0x1c578e60, graphics=0x1c5789b0, hRgn=0x15de60) returned 0x0 [0263.562] GdipDeleteRegion (region=0x1c578e60) returned 0x0 [0263.562] GdipGetDC (graphics=0x1c5789b0, hdc=0x15dea8) returned 0x0 [0263.562] GetCurrentObject (hdc=0x3f0108ef, type=0x1) returned 0xb00017 [0263.562] GetCurrentObject (hdc=0x3f0108ef, type=0x2) returned 0x900010 [0263.562] GetCurrentObject (hdc=0x3f0108ef, type=0x7) returned 0xffffffffaf0505b7 [0263.563] GetCurrentObject (hdc=0x3f0108ef, type=0x6) returned 0x58a00b4 [0263.564] SaveDC (hdc=0x3f0108ef) returned 1 [0263.565] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x9904091d [0263.565] GetClipRgn (hdc=0x3f0108ef, hrgn=0x9904091d) returned 0 [0263.565] SelectClipRgn (hdc=0x3f0108ef, hrgn=0x690408db) returned 2 [0263.565] DeleteObject (ho=0x9904091d) returned 1 [0263.565] DeleteObject (ho=0x690408db) returned 1 [0263.565] OffsetViewportOrgEx (in: hdc=0x3f0108ef, x=0, y=0, lppt=0x21dde10 | out: lppt=0x21dde10) returned 1 [0263.565] IsAppThemed () returned 0x1 [0263.565] GetThemeAppProperties () returned 0x3 [0263.565] DrawThemeBackground () returned 0x0 [0263.566] RestoreDC (hdc=0x3f0108ef, nSavedDC=-1) returned 1 [0263.566] GdipReleaseDC (graphics=0x1c5789b0, hdc=0x3f0108ef) returned 0x0 [0263.567] GdipCreateRegion (region=0x15dde0) returned 0x0 [0263.567] GdipGetClip (graphics=0x1c5789b0, region=0x1c578e60) returned 0x0 [0263.567] GdipCreateMatrix (matrix=0x15dde0) returned 0x0 [0263.567] GdipGetWorldTransform (graphics=0x1c5789b0, matrix=0x1c578d90) returned 0x0 [0263.568] GdipIsMatrixIdentity (matrix=0x1c578d90, result=0x15de48) returned 0x0 [0263.568] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df75920 [0263.568] GdipGetMatrixElements (matrix=0x1c578d90, matrixOut=0x1df75920) returned 0x0 [0263.569] LocalFree (hMem=0x1df75920) returned 0x0 [0263.569] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df757a0 [0263.569] GdipGetMatrixElements (matrix=0x1c578d90, matrixOut=0x1df757a0) returned 0x0 [0263.570] LocalFree (hMem=0x1df757a0) returned 0x0 [0263.570] GdipDeleteMatrix (matrix=0x1c578d90) returned 0x0 [0263.570] GdipIsInfiniteRegion (region=0x1c578e60, graphics=0x1c5789b0, result=0x15dea0) returned 0x0 [0263.570] GdipIsInfiniteRegion (region=0x1c578e60, graphics=0x1c5789b0, result=0x15de60) returned 0x0 [0263.570] GdipGetRegionHRgn (region=0x1c578e60, graphics=0x1c5789b0, hRgn=0x15de60) returned 0x0 [0263.571] GdipDeleteRegion (region=0x1c578e60) returned 0x0 [0263.571] GdipGetDC (graphics=0x1c5789b0, hdc=0x15dea8) returned 0x0 [0263.571] GetCurrentObject (hdc=0x3f0108ef, type=0x1) returned 0xb00017 [0263.571] GetCurrentObject (hdc=0x3f0108ef, type=0x2) returned 0x900010 [0263.571] GetCurrentObject (hdc=0x3f0108ef, type=0x7) returned 0xffffffffaf0505b7 [0263.572] GetCurrentObject (hdc=0x3f0108ef, type=0x6) returned 0x58a00b4 [0263.574] SaveDC (hdc=0x3f0108ef) returned 1 [0263.575] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x6a0408db [0263.575] GetClipRgn (hdc=0x3f0108ef, hrgn=0x6a0408db) returned 0 [0263.575] SelectClipRgn (hdc=0x3f0108ef, hrgn=0x9a04091d) returned 2 [0263.575] DeleteObject (ho=0x6a0408db) returned 1 [0263.575] DeleteObject (ho=0x9a04091d) returned 1 [0263.575] OffsetViewportOrgEx (in: hdc=0x3f0108ef, x=0, y=0, lppt=0x21de2a8 | out: lppt=0x21de2a8) returned 1 [0263.575] IsAppThemed () returned 0x1 [0263.576] GetThemeAppProperties () returned 0x3 [0263.576] GetThemeBackgroundContentRect () returned 0x0 [0263.576] RestoreDC (hdc=0x3f0108ef, nSavedDC=-1) returned 1 [0263.576] GdipReleaseDC (graphics=0x1c5789b0, hdc=0x3f0108ef) returned 0x0 [0263.576] GdipGetNearestColor (graphics=0x1c5789b0, argb=0x15e0e8) returned 0x0 [0263.576] GdipCreateSolidFill (color=0xffffffffffbfcddb, brush=0x15e0d0) returned 0x0 [0263.576] GdipFillRectangleI (graphics=0x1c5789b0, brush=0x1c578e60, x=4, y=4, width=200, height=39) returned 0x0 [0263.577] GdipDeleteBrush (brush=0x1c578e60) returned 0x0 [0263.577] IsAppThemed () returned 0x1 [0263.577] GetThemeAppProperties () returned 0x3 [0263.577] GdipGetTextRenderingHint (graphics=0x1c5789b0, mode=0x15e0d8) returned 0x0 [0263.577] GdipGetDC (graphics=0x1c5789b0, hdc=0x15e0c8) returned 0x0 [0263.578] GetCurrentObject (hdc=0x3f0108ef, type=0x1) returned 0xb00017 [0263.578] GetCurrentObject (hdc=0x3f0108ef, type=0x2) returned 0x900010 [0263.578] GetCurrentObject (hdc=0x3f0108ef, type=0x7) returned 0xffffffffaf0505b7 [0263.578] GetCurrentObject (hdc=0x3f0108ef, type=0x6) returned 0x58a00b4 [0263.579] SaveDC (hdc=0x3f0108ef) returned 1 [0263.579] GetTextAlign (hdc=0x3f0108ef) returned 0x0 [0263.580] GetTextColor (hdc=0x3f0108ef) returned 0x0 [0263.580] GetCurrentObject (hdc=0x3f0108ef, type=0x6) returned 0x58a00b4 [0263.580] GetObjectW (in: h=0x58a00b4, c=92, pv=0x15dbc0 | out: pv=0x15dbc0) returned 92 [0263.581] SelectObject (hdc=0x3f0108ef, h=0xffffffff8b0a094b) returned 0x58a00b4 [0263.581] GetBkMode (hdc=0x3f0108ef) returned 2 [0263.581] SetBkMode (hdc=0x3f0108ef, mode=1) returned 2 [0263.581] DrawTextExW (in: hdc=0x3f0108ef, lpchText="Wrong Password..buy it..", cchText=24, lprc=0x15de18, format=0x102415, lpdtp=0x21de760 | out: lpchText="Wrong Password..buy it..", lprc=0x15de18) returned 20 [0263.581] DrawTextExW (in: hdc=0x3f0108ef, lpchText="Wrong Password..buy it..", cchText=24, lprc=0x15e048, format=0x102015, lpdtp=0x21de760 | out: lpchText="Wrong Password..buy it..", lprc=0x15e048) returned 20 [0263.585] RestoreDC (hdc=0x3f0108ef, nSavedDC=-1) returned 1 [0263.585] GdipReleaseDC (graphics=0x1c5789b0, hdc=0x3f0108ef) returned 0x0 [0263.585] GetFocus () returned 0xa0050 [0263.586] IsAppThemed () returned 0x1 [0263.586] GetThemeAppProperties () returned 0x3 [0263.586] GdipGetDC (graphics=0x1c5789b0, hdc=0x15e428) returned 0x0 [0263.586] BitBlt (hdc=0x580108aa, x=0, y=0, cx=208, cy=47, hdcSrc=0x3f0108ef, x1=0, y1=0, rop=0xcc0020) returned 1 [0263.586] GdipReleaseDC (graphics=0x1c5789b0, hdc=0x3f0108ef) returned 0x0 [0263.586] SelectPalette (hdc=0x580108aa, hPal=0x88000b, bForceBkgd=0) returned 0x5308094c [0263.587] SelectObject (hdc=0x3f0108ef, h=0x85000f) returned 0xffffffffaf0505b7 [0263.587] DeleteDC (hdc=0x3f0108ef) returned 1 [0263.587] GdipDeleteGraphics (graphics=0x1c5789b0) returned 0x0 [0263.587] EndPaint (hWnd=0xa0050, lpPaint=0x15e408) returned 1 [0263.590] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0263.590] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x84, wParam=0x0, lParam=0x2450182) returned 0x1 [0263.590] IsWindowUnicode (hWnd=0xa0050) returned 1 [0263.590] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0263.590] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x84, wParam=0x0, lParam=0x2450182) returned 0x1 [0263.591] SetCursor (hCursor=0x10003) returned 0x10003 [0263.591] TranslateMessage (lpMsg=0x15ee30) returned 0 [0263.591] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0263.591] GetKeyState (nVirtKey=1) returned 1 [0263.591] GetKeyState (nVirtKey=2) returned 0 [0263.591] GetKeyState (nVirtKey=4) returned 0 [0263.591] GetKeyState (nVirtKey=5) returned 0 [0263.591] GetKeyState (nVirtKey=6) returned 0 [0263.591] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0263.592] IsWindowUnicode (hWnd=0x80386) returned 1 [0263.592] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0263.592] TranslateMessage (lpMsg=0x15ee30) returned 0 [0263.592] DispatchMessageW (lpMsg=0x15ee30) returned 0x1 [0263.592] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0263.592] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x1 [0263.593] SetTextColor (hdc=0xffffffffb2010715, color=0x0) returned 0x0 [0263.593] SetBkColor (hdc=0xffffffffb2010715, color=0xffffff) returned 0xffffff [0263.594] GetWindowPlacement (in: hWnd=0x40376, lpwndpl=0x15d248 | out: lpwndpl=0x15d248) returned 1 [0263.594] GetClientRect (in: hWnd=0x40376, lpRect=0x15d190 | out: lpRect=0x15d190) returned 1 [0263.594] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0263.594] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0263.594] GetSystemMetrics (nIndex=42) returned 0 [0263.594] GetWindowTextW (in: hWnd=0x40376, lpString=0x15cee0, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0263.594] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15cee0) returned 0xb [0263.595] GetClientRect (in: hWnd=0x40376, lpRect=0x15cf58 | out: lpRect=0x15cf58) returned 1 [0263.595] GetCurrentObject (hdc=0x410108ef, type=0x1) returned 0xb00017 [0263.595] GetCurrentObject (hdc=0x410108ef, type=0x2) returned 0x900010 [0263.595] GetCurrentObject (hdc=0x410108ef, type=0x7) returned 0x70050956 [0263.595] GetCurrentObject (hdc=0x410108ef, type=0x6) returned 0x58a00b4 [0263.596] SaveDC (hdc=0x410108ef) returned 1 [0263.597] GetNearestColor (hdc=0x410108ef, color=0x80) returned 0x80 [0263.597] CreateSolidBrush (color=0x80) returned 0x7e1008a6 [0263.597] FillRect (hDC=0x410108ef, lprc=0x15cc40, hbr=0x7e1008a6) returned 1 [0263.597] DeleteObject (ho=0x7e1008a6) returned 1 [0263.597] RestoreDC (hdc=0x410108ef, nSavedDC=-1) returned 1 [0263.598] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0263.598] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0263.598] GetSystemMetrics (nIndex=42) returned 0 [0263.598] GetWindowTextW (in: hWnd=0x40376, lpString=0x15ce50, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0263.598] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15ce50) returned 0xb [0263.598] GetClientRect (in: hWnd=0x40376, lpRect=0x15cec8 | out: lpRect=0x15cec8) returned 1 [0263.599] GetCurrentObject (hdc=0x410108ef, type=0x1) returned 0xb00017 [0263.599] GetCurrentObject (hdc=0x410108ef, type=0x2) returned 0x900010 [0263.599] GetCurrentObject (hdc=0x410108ef, type=0x7) returned 0x70050956 [0263.599] GetCurrentObject (hdc=0x410108ef, type=0x6) returned 0x58a00b4 [0263.600] SaveDC (hdc=0x410108ef) returned 1 [0263.600] GetNearestColor (hdc=0x410108ef, color=0x80) returned 0x80 [0263.601] CreateSolidBrush (color=0x80) returned 0x7f1008a6 [0263.601] FillRect (hDC=0x410108ef, lprc=0x15cbb0, hbr=0x7f1008a6) returned 1 [0263.601] DeleteObject (ho=0x7f1008a6) returned 1 [0263.601] RestoreDC (hdc=0x410108ef, nSavedDC=-1) returned 1 [0263.601] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0263.601] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0263.601] GetSystemMetrics (nIndex=42) returned 0 [0263.601] GetWindowTextW (in: hWnd=0x40376, lpString=0x15ce50, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0263.601] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15ce50) returned 0xb [0263.605] SetTextColor (hdc=0x420108ef, color=0x0) returned 0x0 [0263.605] SetBkColor (hdc=0x420108ef, color=0xffffff) returned 0xffffff [0263.606] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0263.606] IsWindowUnicode (hWnd=0x3020e) returned 1 [0263.606] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0263.606] TranslateMessage (lpMsg=0x15ee30) returned 0 [0263.606] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0263.606] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0263.606] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0263.607] WaitMessage () returned 1 [0264.605] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0264.606] GetMessageA (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0264.606] TranslateMessage (lpMsg=0x15ee30) returned 0 [0264.606] DispatchMessageA (lpMsg=0x15ee30) returned 0x1 [0264.609] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0264.609] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0264.610] WaitMessage () returned 1 [0266.671] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0266.671] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x84, wParam=0x0, lParam=0x2450182) returned 0x1 [0266.672] IsWindowUnicode (hWnd=0xa0050) returned 1 [0266.672] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0266.672] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x84, wParam=0x0, lParam=0x2450182) returned 0x1 [0266.672] SetCursor (hCursor=0x10003) returned 0x10003 [0266.673] TranslateMessage (lpMsg=0x15ee30) returned 0 [0266.673] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0266.673] GetKeyState (nVirtKey=1) returned 1 [0266.673] GetKeyState (nVirtKey=2) returned 0 [0266.673] GetKeyState (nVirtKey=4) returned 0 [0266.673] GetKeyState (nVirtKey=5) returned 0 [0266.673] GetKeyState (nVirtKey=6) returned 0 [0266.673] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0266.673] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0266.674] WaitMessage () returned 1 [0267.010] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0267.010] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x84, wParam=0x0, lParam=0x2450182) returned 0x1 [0267.010] IsWindowUnicode (hWnd=0xa0050) returned 1 [0267.010] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0267.011] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x84, wParam=0x0, lParam=0x2450182) returned 0x1 [0267.011] SetCursor (hCursor=0x10003) returned 0x10003 [0267.011] TranslateMessage (lpMsg=0x15ee30) returned 0 [0267.011] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0267.011] GetKeyState (nVirtKey=1) returned 1 [0267.011] GetKeyState (nVirtKey=2) returned 0 [0267.011] GetKeyState (nVirtKey=4) returned 0 [0267.011] GetKeyState (nVirtKey=5) returned 0 [0267.012] GetKeyState (nVirtKey=6) returned 0 [0267.012] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0267.012] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0267.012] WaitMessage () returned 1 [0267.026] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0267.026] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x84, wParam=0x0, lParam=0x2450182) returned 0x1 [0267.026] IsWindowUnicode (hWnd=0xa0050) returned 1 [0267.026] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0267.026] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x84, wParam=0x0, lParam=0x2450182) returned 0x1 [0267.027] SetCursor (hCursor=0x10003) returned 0x10003 [0267.027] TranslateMessage (lpMsg=0x15ee30) returned 0 [0267.027] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0267.027] GetKeyState (nVirtKey=1) returned 1 [0267.027] GetKeyState (nVirtKey=2) returned 0 [0267.027] GetKeyState (nVirtKey=4) returned 0 [0267.027] GetKeyState (nVirtKey=5) returned 0 [0267.027] GetKeyState (nVirtKey=6) returned 0 [0267.027] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0267.027] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0267.027] WaitMessage () returned 1 [0267.064] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0267.064] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x84, wParam=0x0, lParam=0x2450182) returned 0x1 [0267.064] IsWindowUnicode (hWnd=0xa0050) returned 1 [0267.064] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0267.065] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x84, wParam=0x0, lParam=0x2450182) returned 0x1 [0267.065] SetCursor (hCursor=0x10003) returned 0x10003 [0267.065] TranslateMessage (lpMsg=0x15ee30) returned 0 [0267.065] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0267.065] GetKeyState (nVirtKey=1) returned 1 [0267.065] GetKeyState (nVirtKey=2) returned 0 [0267.065] GetKeyState (nVirtKey=4) returned 0 [0267.065] GetKeyState (nVirtKey=5) returned 0 [0267.065] GetKeyState (nVirtKey=6) returned 0 [0267.066] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0267.066] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0267.066] WaitMessage () returned 1 [0267.104] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0267.104] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x84, wParam=0x0, lParam=0x23a018b) returned 0x1 [0267.104] IsWindowUnicode (hWnd=0xa0050) returned 1 [0267.104] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0267.105] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x84, wParam=0x0, lParam=0x23a018b) returned 0x1 [0267.105] SetCursor (hCursor=0x10003) returned 0x10003 [0267.105] TranslateMessage (lpMsg=0x15ee30) returned 0 [0267.105] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0267.105] GetKeyState (nVirtKey=1) returned 1 [0267.105] GetKeyState (nVirtKey=2) returned 0 [0267.105] GetKeyState (nVirtKey=4) returned 0 [0267.105] GetKeyState (nVirtKey=5) returned 0 [0267.105] GetKeyState (nVirtKey=6) returned 0 [0267.106] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0267.106] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0267.106] WaitMessage () returned 1 [0267.111] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0267.111] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x84, wParam=0x0, lParam=0x2300195) returned 0x12 [0267.112] IsWindowUnicode (hWnd=0x80386) returned 1 [0267.112] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0267.112] TranslateMessage (lpMsg=0x15ee30) returned 0 [0267.112] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0267.115] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x2a3, wParam=0x0, lParam=0x0) returned 0x0 [0267.116] InvalidateRect (hWnd=0xa0050, lpRect=0x0, bErase=0) returned 1 [0267.116] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0267.116] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x84, wParam=0x0, lParam=0x2300195) returned 0x12 [0267.117] IsWindowUnicode (hWnd=0x80386) returned 1 [0267.117] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0267.117] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x84, wParam=0x0, lParam=0x2300195) returned 0x12 [0267.118] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0x20, wParam=0x80386, lParam=0x2000012) returned 0x0 [0267.118] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x20, wParam=0x80386, lParam=0x2000012) returned 0x0 [0267.118] TranslateMessage (lpMsg=0x15ee30) returned 0 [0267.118] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0267.118] CallWindowProcW (lpPrevWndFunc=0x7ffa909a0db0, hWnd=0x80386, Msg=0xa0, wParam=0x12, lParam=0x2300195) returned 0x0 [0267.119] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0267.119] IsWindowUnicode (hWnd=0xa0050) returned 1 [0267.119] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0267.119] TranslateMessage (lpMsg=0x15ee30) returned 0 [0267.119] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0267.119] BeginPaint (in: hWnd=0xa0050, lpPaint=0x15e468 | out: lpPaint=0x15e468) returned 0x20105b1 [0267.120] SelectPalette (hdc=0x20105b1, hPal=0x5308094c, bForceBkgd=1) returned 0x88000b [0267.120] CreateCompatibleDC (hdc=0x20105b1) returned 0xffffffff80010956 [0267.120] SelectObject (hdc=0xffffffff80010956, h=0xffffffffaf0505b7) returned 0x85000f [0267.120] GdipCreateFromHDC (hdc=0xffffffff80010956, graphics=0x15e3d8) returned 0x0 [0267.121] GdipTranslateWorldTransform (graphics=0x1c5789b0, dx=0x7ffa837b8354, dy=0x2adc743b6b29, order=0x0) returned 0x0 [0267.122] GdipSetClipRectI (graphics=0x1c5789b0, x=0, y=0, width=208, height=47, combineMode=0x0) returned 0x0 [0267.122] GdipCreateMatrix (matrix=0x15e410) returned 0x0 [0267.123] GdipGetWorldTransform (graphics=0x1c5789b0, matrix=0x1c572470) returned 0x0 [0267.123] GdipIsMatrixIdentity (matrix=0x1c572470, result=0x15e478) returned 0x0 [0267.123] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df75620 [0267.123] GdipGetMatrixElements (matrix=0x1c572470, matrixOut=0x1df75620) returned 0x0 [0267.123] LocalFree (hMem=0x1df75620) returned 0x0 [0267.124] GdipDeleteMatrix (matrix=0x1c572470) returned 0x0 [0267.124] GdipCreateRegion (region=0x15e410) returned 0x0 [0267.124] GdipGetClip (graphics=0x1c5789b0, region=0x1c578e60) returned 0x0 [0267.124] GdipIsInfiniteRegion (region=0x1c578e60, graphics=0x1c5789b0, result=0x15e470) returned 0x0 [0267.124] GdipSaveGraphics (graphics=0x1c5789b0, state=0x15e510) returned 0x0 [0267.125] GdipRestoreGraphics (graphics=0x1c5789b0, state=0xfffffffffda20dbd) returned 0x0 [0267.125] GdipDeleteRegion (region=0x1c578e60) returned 0x0 [0267.125] GdipGetDC (graphics=0x1c5789b0, hdc=0x15e118) returned 0x0 [0267.126] GetCurrentObject (hdc=0xffffffff80010956, type=0x1) returned 0xb00017 [0267.126] GetCurrentObject (hdc=0xffffffff80010956, type=0x2) returned 0x900010 [0267.126] GetCurrentObject (hdc=0xffffffff80010956, type=0x7) returned 0xffffffffaf0505b7 [0267.126] GetCurrentObject (hdc=0xffffffff80010956, type=0x6) returned 0x58a00b4 [0267.127] SaveDC (hdc=0xffffffff80010956) returned 1 [0267.128] GetNearestColor (hdc=0xffffffff80010956, color=0xdbcdbf) returned 0xdbcdbf [0267.128] GetNearestColor (hdc=0xffffffff80010956, color=0x574431) returned 0x574431 [0267.128] GetNearestColor (hdc=0xffffffff80010956, color=0x0) returned 0x0 [0267.128] GetNearestColor (hdc=0xffffffff80010956, color=0x574431) returned 0x574431 [0267.128] GetNearestColor (hdc=0xffffffff80010956, color=0x0) returned 0x0 [0267.129] GetNearestColor (hdc=0xffffffff80010956, color=0xede7e0) returned 0xede7e0 [0267.129] GetNearestColor (hdc=0xffffffff80010956, color=0xd5cfc9) returned 0xd5cfc9 [0267.129] GetNearestColor (hdc=0xffffffff80010956, color=0xc5b8ab) returned 0xc5b8ab [0267.129] GetNearestColor (hdc=0xffffffff80010956, color=0x0) returned 0x0 [0267.129] GetNearestColor (hdc=0xffffffff80010956, color=0x574431) returned 0x574431 [0267.129] RestoreDC (hdc=0xffffffff80010956, nSavedDC=-1) returned 1 [0267.129] GdipReleaseDC (graphics=0x1c5789b0, hdc=0xffffffff80010956) returned 0x0 [0267.130] IsAppThemed () returned 0x1 [0267.130] GetThemeAppProperties () returned 0x3 [0267.130] IsAppThemed () returned 0x1 [0267.130] GetThemeAppProperties () returned 0x3 [0267.130] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="Wrong Password..buy it..", cchText=24, lprc=0x15de28, format=0x102415, lpdtp=0x22e5250 | out: lpchText="Wrong Password..buy it..", lprc=0x15de28) returned 20 [0267.131] IsAppThemed () returned 0x1 [0267.136] GetThemeAppProperties () returned 0x3 [0267.136] IsAppThemed () returned 0x1 [0267.136] GetThemeAppProperties () returned 0x3 [0267.137] GetFocus () returned 0xa0050 [0267.137] IsAppThemed () returned 0x1 [0267.137] GetThemeAppProperties () returned 0x3 [0267.137] IsAppThemed () returned 0x1 [0267.137] GetThemeAppProperties () returned 0x3 [0267.138] IsThemePartDefined () returned 0x1 [0267.138] IsAppThemed () returned 0x1 [0267.138] GetThemeAppProperties () returned 0x3 [0267.138] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0267.138] IsAppThemed () returned 0x1 [0267.138] GetThemeAppProperties () returned 0x3 [0267.138] IsAppThemed () returned 0x1 [0267.138] GetThemeAppProperties () returned 0x3 [0267.139] IsThemePartDefined () returned 0x1 [0267.139] GdipCreateRegion (region=0x15de50) returned 0x0 [0267.139] GdipGetClip (graphics=0x1c5789b0, region=0x1c578e60) returned 0x0 [0267.140] GdipCreateMatrix (matrix=0x15de50) returned 0x0 [0267.140] GdipGetWorldTransform (graphics=0x1c5789b0, matrix=0x1c578d90) returned 0x0 [0267.140] GdipIsMatrixIdentity (matrix=0x1c578d90, result=0x15deb8) returned 0x0 [0267.140] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df74a60 [0267.140] GdipGetMatrixElements (matrix=0x1c578d90, matrixOut=0x1df74a60) returned 0x0 [0267.141] LocalFree (hMem=0x1df74a60) returned 0x0 [0267.141] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df750e0 [0267.141] GdipGetMatrixElements (matrix=0x1c578d90, matrixOut=0x1df750e0) returned 0x0 [0267.142] LocalFree (hMem=0x1df750e0) returned 0x0 [0267.142] GdipDeleteMatrix (matrix=0x1c578d90) returned 0x0 [0267.142] GdipIsInfiniteRegion (region=0x1c578e60, graphics=0x1c5789b0, result=0x15df10) returned 0x0 [0267.142] GdipIsInfiniteRegion (region=0x1c578e60, graphics=0x1c5789b0, result=0x15ded0) returned 0x0 [0267.142] GdipGetRegionHRgn (region=0x1c578e60, graphics=0x1c5789b0, hRgn=0x15ded0) returned 0x0 [0267.143] GdipDeleteRegion (region=0x1c578e60) returned 0x0 [0267.143] GdipGetDC (graphics=0x1c5789b0, hdc=0x15df18) returned 0x0 [0267.143] GetCurrentObject (hdc=0xffffffff80010956, type=0x1) returned 0xb00017 [0267.143] GetCurrentObject (hdc=0xffffffff80010956, type=0x2) returned 0x900010 [0267.143] GetCurrentObject (hdc=0xffffffff80010956, type=0x7) returned 0xffffffffaf0505b7 [0267.143] GetCurrentObject (hdc=0xffffffff80010956, type=0x6) returned 0x58a00b4 [0267.145] SaveDC (hdc=0xffffffff80010956) returned 1 [0267.145] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x7e0406d4 [0267.145] GetClipRgn (hdc=0xffffffff80010956, hrgn=0x7e0406d4) returned 0 [0267.146] SelectClipRgn (hdc=0xffffffff80010956, hrgn=0xa004091d) returned 2 [0267.146] DeleteObject (ho=0x7e0406d4) returned 1 [0267.146] DeleteObject (ho=0xa004091d) returned 1 [0267.146] OffsetViewportOrgEx (in: hdc=0xffffffff80010956, x=0, y=0, lppt=0x22e5990 | out: lppt=0x22e5990) returned 1 [0267.146] DrawThemeParentBackground () returned 0x0 [0267.152] GetWindowPlacement (in: hWnd=0x40376, lpwndpl=0x15d9b8 | out: lpwndpl=0x15d9b8) returned 1 [0267.152] GetClientRect (in: hWnd=0x40376, lpRect=0x15d900 | out: lpRect=0x15d900) returned 1 [0267.152] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0267.152] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0267.153] GetSystemMetrics (nIndex=42) returned 0 [0267.153] GetWindowTextW (in: hWnd=0x40376, lpString=0x15d650, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0267.153] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15d650) returned 0xb [0267.153] GetClientRect (in: hWnd=0x40376, lpRect=0x15d6c8 | out: lpRect=0x15d6c8) returned 1 [0267.154] GetCurrentObject (hdc=0xffffffff80010956, type=0x1) returned 0xb00017 [0267.154] GetCurrentObject (hdc=0xffffffff80010956, type=0x2) returned 0x900010 [0267.154] GetCurrentObject (hdc=0xffffffff80010956, type=0x7) returned 0xffffffffaf0505b7 [0267.154] GetCurrentObject (hdc=0xffffffff80010956, type=0x6) returned 0x58a00b4 [0267.155] SaveDC (hdc=0xffffffff80010956) returned 2 [0267.156] GetNearestColor (hdc=0xffffffff80010956, color=0x80) returned 0x80 [0267.156] CreateSolidBrush (color=0x80) returned 0x801008a6 [0267.156] FillRect (hDC=0xffffffff80010956, lprc=0x15d3b0, hbr=0x801008a6) returned 1 [0267.156] DeleteObject (ho=0x801008a6) returned 1 [0267.157] RestoreDC (hdc=0xffffffff80010956, nSavedDC=-1) returned 1 [0267.157] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0267.157] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0267.157] GetSystemMetrics (nIndex=42) returned 0 [0267.158] GetWindowTextW (in: hWnd=0x40376, lpString=0x15d5c0, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0267.158] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15d5c0) returned 0xb [0267.158] GetClientRect (in: hWnd=0x40376, lpRect=0x15d638 | out: lpRect=0x15d638) returned 1 [0267.159] GetCurrentObject (hdc=0xffffffff80010956, type=0x1) returned 0xb00017 [0267.159] GetCurrentObject (hdc=0xffffffff80010956, type=0x2) returned 0x900010 [0267.159] GetCurrentObject (hdc=0xffffffff80010956, type=0x7) returned 0xffffffffaf0505b7 [0267.159] GetCurrentObject (hdc=0xffffffff80010956, type=0x6) returned 0x58a00b4 [0267.160] SaveDC (hdc=0xffffffff80010956) returned 2 [0267.161] GetNearestColor (hdc=0xffffffff80010956, color=0x80) returned 0x80 [0267.161] CreateSolidBrush (color=0x80) returned 0x811008a6 [0267.161] FillRect (hDC=0xffffffff80010956, lprc=0x15d320, hbr=0x811008a6) returned 1 [0267.161] DeleteObject (ho=0x811008a6) returned 1 [0267.161] RestoreDC (hdc=0xffffffff80010956, nSavedDC=-1) returned 1 [0267.162] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0267.162] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0267.162] GetSystemMetrics (nIndex=42) returned 0 [0267.162] GetWindowTextW (in: hWnd=0x40376, lpString=0x15d5c0, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0267.162] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15d5c0) returned 0xb [0267.163] RestoreDC (hdc=0xffffffff80010956, nSavedDC=-1) returned 1 [0267.163] GdipReleaseDC (graphics=0x1c5789b0, hdc=0xffffffff80010956) returned 0x0 [0267.212] IsAppThemed () returned 0x1 [0267.212] GetThemeAppProperties () returned 0x3 [0267.212] IsAppThemed () returned 0x1 [0267.212] GetThemeAppProperties () returned 0x3 [0267.212] IsThemePartDefined () returned 0x1 [0267.213] GdipCreateRegion (region=0x15dde0) returned 0x0 [0267.213] GdipGetClip (graphics=0x1c5789b0, region=0x1c578e60) returned 0x0 [0267.213] GdipCreateMatrix (matrix=0x15dde0) returned 0x0 [0267.214] GdipGetWorldTransform (graphics=0x1c5789b0, matrix=0x1c572470) returned 0x0 [0267.214] GdipIsMatrixIdentity (matrix=0x1c572470, result=0x15de48) returned 0x0 [0267.214] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df74d20 [0267.214] GdipGetMatrixElements (matrix=0x1c572470, matrixOut=0x1df74d20) returned 0x0 [0267.214] LocalFree (hMem=0x1df74d20) returned 0x0 [0267.215] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df74ca0 [0267.215] GdipGetMatrixElements (matrix=0x1c572470, matrixOut=0x1df74ca0) returned 0x0 [0267.215] LocalFree (hMem=0x1df74ca0) returned 0x0 [0267.215] GdipDeleteMatrix (matrix=0x1c572470) returned 0x0 [0267.215] GdipIsInfiniteRegion (region=0x1c578e60, graphics=0x1c5789b0, result=0x15dea0) returned 0x0 [0267.215] GdipIsInfiniteRegion (region=0x1c578e60, graphics=0x1c5789b0, result=0x15de60) returned 0x0 [0267.216] GdipGetRegionHRgn (region=0x1c578e60, graphics=0x1c5789b0, hRgn=0x15de60) returned 0x0 [0267.216] GdipDeleteRegion (region=0x1c578e60) returned 0x0 [0267.216] GdipGetDC (graphics=0x1c5789b0, hdc=0x15dea8) returned 0x0 [0267.217] GetCurrentObject (hdc=0xffffffff80010956, type=0x1) returned 0xb00017 [0267.217] GetCurrentObject (hdc=0xffffffff80010956, type=0x2) returned 0x900010 [0267.217] GetCurrentObject (hdc=0xffffffff80010956, type=0x7) returned 0xffffffffaf0505b7 [0267.217] GetCurrentObject (hdc=0xffffffff80010956, type=0x6) returned 0x58a00b4 [0267.218] SaveDC (hdc=0xffffffff80010956) returned 1 [0267.219] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xa104091d [0267.219] GetClipRgn (hdc=0xffffffff80010956, hrgn=0xa104091d) returned 0 [0267.219] SelectClipRgn (hdc=0xffffffff80010956, hrgn=0x800406d4) returned 2 [0267.219] DeleteObject (ho=0xa104091d) returned 1 [0267.219] DeleteObject (ho=0x800406d4) returned 1 [0267.220] OffsetViewportOrgEx (in: hdc=0xffffffff80010956, x=0, y=0, lppt=0x22e6690 | out: lppt=0x22e6690) returned 1 [0267.220] IsAppThemed () returned 0x1 [0267.296] GetThemeAppProperties () returned 0x3 [0267.297] DrawThemeBackground () returned 0x0 [0267.297] RestoreDC (hdc=0xffffffff80010956, nSavedDC=-1) returned 1 [0267.297] GdipReleaseDC (graphics=0x1c5789b0, hdc=0xffffffff80010956) returned 0x0 [0267.298] GdipCreateRegion (region=0x15dde0) returned 0x0 [0267.298] GdipGetClip (graphics=0x1c5789b0, region=0x1c578e60) returned 0x0 [0267.298] GdipCreateMatrix (matrix=0x15dde0) returned 0x0 [0267.298] GdipGetWorldTransform (graphics=0x1c5789b0, matrix=0x1c578d90) returned 0x0 [0267.299] GdipIsMatrixIdentity (matrix=0x1c578d90, result=0x15de48) returned 0x0 [0267.299] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df754a0 [0267.299] GdipGetMatrixElements (matrix=0x1c578d90, matrixOut=0x1df754a0) returned 0x0 [0267.299] LocalFree (hMem=0x1df754a0) returned 0x0 [0267.300] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df75360 [0267.300] GdipGetMatrixElements (matrix=0x1c578d90, matrixOut=0x1df75360) returned 0x0 [0267.300] LocalFree (hMem=0x1df75360) returned 0x0 [0267.300] GdipDeleteMatrix (matrix=0x1c578d90) returned 0x0 [0267.300] GdipIsInfiniteRegion (region=0x1c578e60, graphics=0x1c5789b0, result=0x15dea0) returned 0x0 [0267.300] GdipIsInfiniteRegion (region=0x1c578e60, graphics=0x1c5789b0, result=0x15de60) returned 0x0 [0267.301] GdipGetRegionHRgn (region=0x1c578e60, graphics=0x1c5789b0, hRgn=0x15de60) returned 0x0 [0267.301] GdipDeleteRegion (region=0x1c578e60) returned 0x0 [0267.301] GdipGetDC (graphics=0x1c5789b0, hdc=0x15dea8) returned 0x0 [0267.302] GetCurrentObject (hdc=0xffffffff80010956, type=0x1) returned 0xb00017 [0267.302] GetCurrentObject (hdc=0xffffffff80010956, type=0x2) returned 0x900010 [0267.302] GetCurrentObject (hdc=0xffffffff80010956, type=0x7) returned 0xffffffffaf0505b7 [0267.302] GetCurrentObject (hdc=0xffffffff80010956, type=0x6) returned 0x58a00b4 [0267.303] SaveDC (hdc=0xffffffff80010956) returned 1 [0267.313] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x810406d4 [0267.313] GetClipRgn (hdc=0xffffffff80010956, hrgn=0x810406d4) returned 0 [0267.313] SelectClipRgn (hdc=0xffffffff80010956, hrgn=0xa204091d) returned 2 [0267.313] DeleteObject (ho=0x810406d4) returned 1 [0267.313] DeleteObject (ho=0xa204091d) returned 1 [0267.313] OffsetViewportOrgEx (in: hdc=0xffffffff80010956, x=0, y=0, lppt=0x22f7808 | out: lppt=0x22f7808) returned 1 [0267.314] IsAppThemed () returned 0x1 [0267.314] GetThemeAppProperties () returned 0x3 [0267.314] GetThemeBackgroundContentRect () returned 0x0 [0267.314] RestoreDC (hdc=0xffffffff80010956, nSavedDC=-1) returned 1 [0267.314] GdipReleaseDC (graphics=0x1c5789b0, hdc=0xffffffff80010956) returned 0x0 [0267.315] GdipGetNearestColor (graphics=0x1c5789b0, argb=0x15e0e8) returned 0x0 [0267.315] GdipCreateSolidFill (color=0xffffffffffbfcddb, brush=0x15e0d0) returned 0x0 [0267.316] GdipFillRectangleI (graphics=0x1c5789b0, brush=0x1c578e60, x=4, y=4, width=200, height=39) returned 0x0 [0267.316] GdipDeleteBrush (brush=0x1c578e60) returned 0x0 [0267.316] IsAppThemed () returned 0x1 [0267.323] GetThemeAppProperties () returned 0x3 [0267.323] GdipGetTextRenderingHint (graphics=0x1c5789b0, mode=0x15e0d8) returned 0x0 [0267.324] GdipGetDC (graphics=0x1c5789b0, hdc=0x15e0c8) returned 0x0 [0267.324] GetCurrentObject (hdc=0xffffffff80010956, type=0x1) returned 0xb00017 [0267.325] GetCurrentObject (hdc=0xffffffff80010956, type=0x2) returned 0x900010 [0267.325] GetCurrentObject (hdc=0xffffffff80010956, type=0x7) returned 0xffffffffaf0505b7 [0267.325] GetCurrentObject (hdc=0xffffffff80010956, type=0x6) returned 0x58a00b4 [0267.326] SaveDC (hdc=0xffffffff80010956) returned 1 [0267.327] GetTextAlign (hdc=0xffffffff80010956) returned 0x0 [0267.327] GetTextColor (hdc=0xffffffff80010956) returned 0x0 [0267.327] GetCurrentObject (hdc=0xffffffff80010956, type=0x6) returned 0x58a00b4 [0267.327] GetObjectW (in: h=0x58a00b4, c=92, pv=0x15dbc0 | out: pv=0x15dbc0) returned 92 [0267.328] SelectObject (hdc=0xffffffff80010956, h=0xffffffff8b0a094b) returned 0x58a00b4 [0267.328] GetBkMode (hdc=0xffffffff80010956) returned 2 [0267.328] SetBkMode (hdc=0xffffffff80010956, mode=1) returned 2 [0267.328] DrawTextExW (in: hdc=0xffffffff80010956, lpchText="Wrong Password..buy it..", cchText=24, lprc=0x15de18, format=0x102415, lpdtp=0x22f7cc0 | out: lpchText="Wrong Password..buy it..", lprc=0x15de18) returned 20 [0267.329] DrawTextExW (in: hdc=0xffffffff80010956, lpchText="Wrong Password..buy it..", cchText=24, lprc=0x15e048, format=0x102015, lpdtp=0x22f7cc0 | out: lpchText="Wrong Password..buy it..", lprc=0x15e048) returned 20 [0267.329] RestoreDC (hdc=0xffffffff80010956, nSavedDC=-1) returned 1 [0267.329] GdipReleaseDC (graphics=0x1c5789b0, hdc=0xffffffff80010956) returned 0x0 [0267.330] GetFocus () returned 0xa0050 [0267.330] IsAppThemed () returned 0x1 [0267.330] GetThemeAppProperties () returned 0x3 [0267.330] GdipGetDC (graphics=0x1c5789b0, hdc=0x15e428) returned 0x0 [0267.330] BitBlt (hdc=0x20105b1, x=0, y=0, cx=208, cy=47, hdcSrc=0xffffffff80010956, x1=0, y1=0, rop=0xcc0020) returned 1 [0267.334] GdipReleaseDC (graphics=0x1c5789b0, hdc=0xffffffff80010956) returned 0x0 [0267.334] SelectPalette (hdc=0x20105b1, hPal=0x88000b, bForceBkgd=0) returned 0x5308094c [0267.335] SelectObject (hdc=0xffffffff80010956, h=0x85000f) returned 0xffffffffaf0505b7 [0267.335] DeleteDC (hdc=0xffffffff80010956) returned 1 [0267.339] GdipDeleteGraphics (graphics=0x1c5789b0) returned 0x0 [0267.339] EndPaint (hWnd=0xa0050, lpPaint=0x15e408) returned 1 [0267.340] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0267.340] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0267.340] WaitMessage () returned 1 [0267.813] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0267.814] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x86, wParam=0x0, lParam=0x0) returned 0x1 [0267.818] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0267.821] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0267.821] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0267.824] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0x1c, wParam=0x0, lParam=0x15d0) returned 0x0 [0267.824] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x30384, Msg=0x1c, wParam=0x0, lParam=0x15d0) returned 0x0 [0267.824] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x8, wParam=0x0, lParam=0x0) returned 0x0 [0267.825] GetCapture () returned 0x0 [0267.825] InvalidateRect (hWnd=0xa0050, lpRect=0x0, bErase=0) returned 1 [0267.825] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x281, wParam=0x0, lParam=0xc000000f) returned 0x0 [0267.826] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0267.826] CallWindowProcW (lpPrevWndFunc=0x7ffa909f1000, hWnd=0xa0050, Msg=0x282, wParam=0x1, lParam=0x0) returned 0x0 [0267.826] IsWindowUnicode (hWnd=0xa0050) returned 1 [0267.826] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0267.826] TranslateMessage (lpMsg=0x15ee30) returned 0 [0267.826] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0267.827] BeginPaint (in: hWnd=0xa0050, lpPaint=0x15e468 | out: lpPaint=0x15e468) returned 0x310108dd [0267.827] SelectPalette (hdc=0x310108dd, hPal=0x5308094c, bForceBkgd=1) returned 0x88000b [0267.827] CreateCompatibleDC (hdc=0x310108dd) returned 0xb0108e6 [0267.827] SelectObject (hdc=0xb0108e6, h=0xffffffffaf0505b7) returned 0x85000f [0267.827] GdipCreateFromHDC (hdc=0xb0108e6, graphics=0x15e3d8) returned 0x0 [0267.828] GdipTranslateWorldTransform (graphics=0x1c5789b0, dx=0x7ffa837b8354, dy=0x2adc743b6b29, order=0x0) returned 0x0 [0267.828] GdipSetClipRectI (graphics=0x1c5789b0, x=0, y=0, width=208, height=47, combineMode=0x0) returned 0x0 [0267.829] GdipCreateMatrix (matrix=0x15e410) returned 0x0 [0267.829] GdipGetWorldTransform (graphics=0x1c5789b0, matrix=0x1c572470) returned 0x0 [0267.829] GdipIsMatrixIdentity (matrix=0x1c572470, result=0x15e478) returned 0x0 [0267.829] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df751a0 [0267.830] GdipGetMatrixElements (matrix=0x1c572470, matrixOut=0x1df751a0) returned 0x0 [0267.830] LocalFree (hMem=0x1df751a0) returned 0x0 [0267.830] GdipDeleteMatrix (matrix=0x1c572470) returned 0x0 [0267.831] GdipCreateRegion (region=0x15e410) returned 0x0 [0267.831] GdipGetClip (graphics=0x1c5789b0, region=0x1c578e60) returned 0x0 [0267.831] GdipIsInfiniteRegion (region=0x1c578e60, graphics=0x1c5789b0, result=0x15e470) returned 0x0 [0267.831] GdipSaveGraphics (graphics=0x1c5789b0, state=0x15e510) returned 0x0 [0267.832] GdipRestoreGraphics (graphics=0x1c5789b0, state=0xfffffffffda00dbd) returned 0x0 [0267.832] GdipDeleteRegion (region=0x1c578e60) returned 0x0 [0267.832] GdipGetDC (graphics=0x1c5789b0, hdc=0x15e118) returned 0x0 [0267.832] GetCurrentObject (hdc=0xb0108e6, type=0x1) returned 0xb00017 [0267.832] GetCurrentObject (hdc=0xb0108e6, type=0x2) returned 0x900010 [0267.833] GetCurrentObject (hdc=0xb0108e6, type=0x7) returned 0xffffffffaf0505b7 [0267.833] GetCurrentObject (hdc=0xb0108e6, type=0x6) returned 0x58a00b4 [0267.834] SaveDC (hdc=0xb0108e6) returned 1 [0267.834] GetNearestColor (hdc=0xb0108e6, color=0xdbcdbf) returned 0xdbcdbf [0267.834] GetNearestColor (hdc=0xb0108e6, color=0x574431) returned 0x574431 [0267.834] GetNearestColor (hdc=0xb0108e6, color=0x0) returned 0x0 [0267.835] GetNearestColor (hdc=0xb0108e6, color=0x574431) returned 0x574431 [0267.835] GetNearestColor (hdc=0xb0108e6, color=0x0) returned 0x0 [0267.835] GetNearestColor (hdc=0xb0108e6, color=0xede7e0) returned 0xede7e0 [0267.835] GetNearestColor (hdc=0xb0108e6, color=0xd5cfc9) returned 0xd5cfc9 [0267.835] GetNearestColor (hdc=0xb0108e6, color=0xc5b8ab) returned 0xc5b8ab [0267.865] GetNearestColor (hdc=0xb0108e6, color=0x0) returned 0x0 [0267.865] GetNearestColor (hdc=0xb0108e6, color=0x574431) returned 0x574431 [0267.865] RestoreDC (hdc=0xb0108e6, nSavedDC=-1) returned 1 [0267.865] GdipReleaseDC (graphics=0x1c5789b0, hdc=0xb0108e6) returned 0x0 [0267.865] IsAppThemed () returned 0x1 [0267.866] GetThemeAppProperties () returned 0x3 [0267.893] IsAppThemed () returned 0x1 [0267.893] GetThemeAppProperties () returned 0x3 [0267.893] DrawTextExW (in: hdc=0xffffffff960106e3, lpchText="Wrong Password..buy it..", cchText=24, lprc=0x15de28, format=0x102415, lpdtp=0x2329500 | out: lpchText="Wrong Password..buy it..", lprc=0x15de28) returned 20 [0267.893] IsAppThemed () returned 0x1 [0267.893] GetThemeAppProperties () returned 0x3 [0267.893] IsAppThemed () returned 0x1 [0267.894] GetThemeAppProperties () returned 0x3 [0267.894] GetFocus () returned 0x0 [0267.894] IsAppThemed () returned 0x1 [0267.894] GetThemeAppProperties () returned 0x3 [0267.894] IsAppThemed () returned 0x1 [0267.894] GetThemeAppProperties () returned 0x3 [0267.894] IsThemePartDefined () returned 0x1 [0267.894] IsAppThemed () returned 0x1 [0267.894] GetThemeAppProperties () returned 0x3 [0267.894] IsThemeBackgroundPartiallyTransparent () returned 0x1 [0267.894] IsAppThemed () returned 0x1 [0267.895] GetThemeAppProperties () returned 0x3 [0267.895] IsAppThemed () returned 0x1 [0267.895] GetThemeAppProperties () returned 0x3 [0267.895] IsThemePartDefined () returned 0x1 [0267.896] GdipCreateRegion (region=0x15de50) returned 0x0 [0267.896] GdipGetClip (graphics=0x1c5789b0, region=0x1c578e60) returned 0x0 [0267.896] GdipCreateMatrix (matrix=0x15de50) returned 0x0 [0267.896] GdipGetWorldTransform (graphics=0x1c5789b0, matrix=0x1c578d90) returned 0x0 [0267.896] GdipIsMatrixIdentity (matrix=0x1c578d90, result=0x15deb8) returned 0x0 [0267.896] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df75320 [0267.896] GdipGetMatrixElements (matrix=0x1c578d90, matrixOut=0x1df75320) returned 0x0 [0267.897] LocalFree (hMem=0x1df75320) returned 0x0 [0267.897] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df75220 [0267.897] GdipGetMatrixElements (matrix=0x1c578d90, matrixOut=0x1df75220) returned 0x0 [0267.898] LocalFree (hMem=0x1df75220) returned 0x0 [0267.899] GdipDeleteMatrix (matrix=0x1c578d90) returned 0x0 [0267.899] GdipIsInfiniteRegion (region=0x1c578e60, graphics=0x1c5789b0, result=0x15df10) returned 0x0 [0267.899] GdipIsInfiniteRegion (region=0x1c578e60, graphics=0x1c5789b0, result=0x15ded0) returned 0x0 [0267.899] GdipGetRegionHRgn (region=0x1c578e60, graphics=0x1c5789b0, hRgn=0x15ded0) returned 0x0 [0267.899] GdipDeleteRegion (region=0x1c578e60) returned 0x0 [0267.900] GdipGetDC (graphics=0x1c5789b0, hdc=0x15df18) returned 0x0 [0267.900] GetCurrentObject (hdc=0xb0108e6, type=0x1) returned 0xb00017 [0267.900] GetCurrentObject (hdc=0xb0108e6, type=0x2) returned 0x900010 [0267.900] GetCurrentObject (hdc=0xb0108e6, type=0x7) returned 0xffffffffaf0505b7 [0267.900] GetCurrentObject (hdc=0xb0108e6, type=0x6) returned 0x58a00b4 [0267.901] SaveDC (hdc=0xb0108e6) returned 1 [0267.902] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xa304091d [0267.902] GetClipRgn (hdc=0xb0108e6, hrgn=0xa304091d) returned 0 [0267.902] SelectClipRgn (hdc=0xb0108e6, hrgn=0x850406d4) returned 2 [0267.902] DeleteObject (ho=0xa304091d) returned 1 [0267.902] DeleteObject (ho=0x850406d4) returned 1 [0267.903] OffsetViewportOrgEx (in: hdc=0xb0108e6, x=0, y=0, lppt=0x2329c28 | out: lppt=0x2329c28) returned 1 [0267.903] DrawThemeParentBackground () returned 0x0 [0267.903] GetWindowPlacement (in: hWnd=0x40376, lpwndpl=0x15d9b8 | out: lpwndpl=0x15d9b8) returned 1 [0267.903] GetClientRect (in: hWnd=0x40376, lpRect=0x15d900 | out: lpRect=0x15d900) returned 1 [0267.904] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0267.904] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0267.904] GetSystemMetrics (nIndex=42) returned 0 [0267.904] GetWindowTextW (in: hWnd=0x40376, lpString=0x15d650, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0267.904] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15d650) returned 0xb [0267.904] GetClientRect (in: hWnd=0x40376, lpRect=0x15d6c8 | out: lpRect=0x15d6c8) returned 1 [0267.905] GetCurrentObject (hdc=0xb0108e6, type=0x1) returned 0xb00017 [0267.905] GetCurrentObject (hdc=0xb0108e6, type=0x2) returned 0x900010 [0267.905] GetCurrentObject (hdc=0xb0108e6, type=0x7) returned 0xffffffffaf0505b7 [0267.905] GetCurrentObject (hdc=0xb0108e6, type=0x6) returned 0x58a00b4 [0267.906] SaveDC (hdc=0xb0108e6) returned 2 [0267.906] GetNearestColor (hdc=0xb0108e6, color=0x80) returned 0x80 [0267.907] CreateSolidBrush (color=0x80) returned 0x821008a6 [0267.907] FillRect (hDC=0xb0108e6, lprc=0x15d3b0, hbr=0x821008a6) returned 1 [0267.907] DeleteObject (ho=0x821008a6) returned 1 [0267.907] RestoreDC (hdc=0xb0108e6, nSavedDC=-1) returned 1 [0267.907] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0267.908] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0267.908] GetSystemMetrics (nIndex=42) returned 0 [0267.908] GetWindowTextW (in: hWnd=0x40376, lpString=0x15d5c0, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0267.908] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15d5c0) returned 0xb [0267.908] GetClientRect (in: hWnd=0x40376, lpRect=0x15d638 | out: lpRect=0x15d638) returned 1 [0267.909] GetCurrentObject (hdc=0xb0108e6, type=0x1) returned 0xb00017 [0267.909] GetCurrentObject (hdc=0xb0108e6, type=0x2) returned 0x900010 [0267.909] GetCurrentObject (hdc=0xb0108e6, type=0x7) returned 0xffffffffaf0505b7 [0267.909] GetCurrentObject (hdc=0xb0108e6, type=0x6) returned 0x58a00b4 [0267.910] SaveDC (hdc=0xb0108e6) returned 2 [0267.910] GetNearestColor (hdc=0xb0108e6, color=0x80) returned 0x80 [0267.911] CreateSolidBrush (color=0x80) returned 0x831008a6 [0267.911] FillRect (hDC=0xb0108e6, lprc=0x15d320, hbr=0x831008a6) returned 1 [0267.911] DeleteObject (ho=0x831008a6) returned 1 [0267.911] RestoreDC (hdc=0xb0108e6, nSavedDC=-1) returned 1 [0267.911] GetWindowTextLengthW (hWnd=0x40376) returned 11 [0267.911] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0267.911] GetSystemMetrics (nIndex=42) returned 0 [0267.911] GetWindowTextW (in: hWnd=0x40376, lpString=0x15d5c0, nMaxCount=12 | out: lpString="RansomeToad") returned 11 [0267.911] CallWindowProcW (lpPrevWndFunc=0x7ffaa540aa60, hWnd=0x40376, Msg=0xd, wParam=0xc, lParam=0x15d5c0) returned 0xb [0267.912] RestoreDC (hdc=0xb0108e6, nSavedDC=-1) returned 1 [0267.912] GdipReleaseDC (graphics=0x1c5789b0, hdc=0xb0108e6) returned 0x0 [0267.912] IsAppThemed () returned 0x1 [0267.912] GetThemeAppProperties () returned 0x3 [0267.913] IsAppThemed () returned 0x1 [0267.913] GetThemeAppProperties () returned 0x3 [0267.913] IsThemePartDefined () returned 0x1 [0268.032] GdipCreateRegion (region=0x15dde0) returned 0x0 [0268.032] GdipGetClip (graphics=0x1c5789b0, region=0x1c578e60) returned 0x0 [0268.032] GdipCreateMatrix (matrix=0x15dde0) returned 0x0 [0268.032] GdipGetWorldTransform (graphics=0x1c5789b0, matrix=0x1c572470) returned 0x0 [0268.032] GdipIsMatrixIdentity (matrix=0x1c572470, result=0x15de48) returned 0x0 [0268.033] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df75120 [0268.033] GdipGetMatrixElements (matrix=0x1c572470, matrixOut=0x1df75120) returned 0x0 [0268.033] LocalFree (hMem=0x1df75120) returned 0x0 [0268.033] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df75720 [0268.033] GdipGetMatrixElements (matrix=0x1c572470, matrixOut=0x1df75720) returned 0x0 [0268.034] LocalFree (hMem=0x1df75720) returned 0x0 [0268.034] GdipDeleteMatrix (matrix=0x1c572470) returned 0x0 [0268.034] GdipIsInfiniteRegion (region=0x1c578e60, graphics=0x1c5789b0, result=0x15dea0) returned 0x0 [0268.034] GdipIsInfiniteRegion (region=0x1c578e60, graphics=0x1c5789b0, result=0x15de60) returned 0x0 [0268.034] GdipGetRegionHRgn (region=0x1c578e60, graphics=0x1c5789b0, hRgn=0x15de60) returned 0x0 [0268.035] GdipDeleteRegion (region=0x1c578e60) returned 0x0 [0268.035] GdipGetDC (graphics=0x1c5789b0, hdc=0x15dea8) returned 0x0 [0268.035] GetCurrentObject (hdc=0xb0108e6, type=0x1) returned 0xb00017 [0268.035] GetCurrentObject (hdc=0xb0108e6, type=0x2) returned 0x900010 [0268.035] GetCurrentObject (hdc=0xb0108e6, type=0x7) returned 0xffffffffaf0505b7 [0268.035] GetCurrentObject (hdc=0xb0108e6, type=0x6) returned 0x58a00b4 [0268.037] SaveDC (hdc=0xb0108e6) returned 1 [0268.037] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x860406d4 [0268.037] GetClipRgn (hdc=0xb0108e6, hrgn=0x860406d4) returned 0 [0268.038] SelectClipRgn (hdc=0xb0108e6, hrgn=0xa504091d) returned 2 [0268.038] DeleteObject (ho=0x860406d4) returned 1 [0268.038] DeleteObject (ho=0xa504091d) returned 1 [0268.038] OffsetViewportOrgEx (in: hdc=0xb0108e6, x=0, y=0, lppt=0x232a928 | out: lppt=0x232a928) returned 1 [0268.377] IsAppThemed () returned 0x1 [0268.377] GetThemeAppProperties () returned 0x3 [0268.377] DrawThemeBackground () returned 0x0 [0268.377] RestoreDC (hdc=0xb0108e6, nSavedDC=-1) returned 1 [0268.377] GdipReleaseDC (graphics=0x1c5789b0, hdc=0xb0108e6) returned 0x0 [0268.378] GdipCreateRegion (region=0x15dde0) returned 0x0 [0268.378] GdipGetClip (graphics=0x1c5789b0, region=0x1c578e60) returned 0x0 [0268.379] GdipCreateMatrix (matrix=0x15dde0) returned 0x0 [0268.379] GdipGetWorldTransform (graphics=0x1c5789b0, matrix=0x1c578d90) returned 0x0 [0268.379] GdipIsMatrixIdentity (matrix=0x1c578d90, result=0x15de48) returned 0x0 [0268.379] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df74ae0 [0268.379] GdipGetMatrixElements (matrix=0x1c578d90, matrixOut=0x1df74ae0) returned 0x0 [0268.380] LocalFree (hMem=0x1df74ae0) returned 0x0 [0268.380] LocalAlloc (uFlags=0x0, uBytes=0x30) returned 0x1df74f60 [0268.380] GdipGetMatrixElements (matrix=0x1c578d90, matrixOut=0x1df74f60) returned 0x0 [0268.380] LocalFree (hMem=0x1df74f60) returned 0x0 [0268.381] GdipDeleteMatrix (matrix=0x1c578d90) returned 0x0 [0268.381] GdipIsInfiniteRegion (region=0x1c578e60, graphics=0x1c5789b0, result=0x15dea0) returned 0x0 [0268.381] GdipIsInfiniteRegion (region=0x1c578e60, graphics=0x1c5789b0, result=0x15de60) returned 0x0 [0268.381] GdipGetRegionHRgn (region=0x1c578e60, graphics=0x1c5789b0, hRgn=0x15de60) returned 0x0 [0268.381] GdipDeleteRegion (region=0x1c578e60) returned 0x0 [0268.381] GdipGetDC (graphics=0x1c5789b0, hdc=0x15dea8) returned 0x0 [0268.382] GetCurrentObject (hdc=0xb0108e6, type=0x1) returned 0xb00017 [0268.382] GetCurrentObject (hdc=0xb0108e6, type=0x2) returned 0x900010 [0268.383] GetCurrentObject (hdc=0xb0108e6, type=0x7) returned 0xffffffffaf0505b7 [0268.383] GetCurrentObject (hdc=0xb0108e6, type=0x6) returned 0x58a00b4 [0268.384] SaveDC (hdc=0xb0108e6) returned 1 [0268.385] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xa604091d [0268.385] GetClipRgn (hdc=0xb0108e6, hrgn=0xa604091d) returned 0 [0268.385] SelectClipRgn (hdc=0xb0108e6, hrgn=0x870406d4) returned 2 [0268.385] DeleteObject (ho=0xa604091d) returned 1 [0268.385] DeleteObject (ho=0x870406d4) returned 1 [0268.385] OffsetViewportOrgEx (in: hdc=0xb0108e6, x=0, y=0, lppt=0x232adc0 | out: lppt=0x232adc0) returned 1 [0268.385] IsAppThemed () returned 0x1 [0268.385] GetThemeAppProperties () returned 0x3 [0268.385] GetThemeBackgroundContentRect () returned 0x0 [0268.385] RestoreDC (hdc=0xb0108e6, nSavedDC=-1) returned 1 [0268.386] GdipReleaseDC (graphics=0x1c5789b0, hdc=0xb0108e6) returned 0x0 [0268.386] GdipGetNearestColor (graphics=0x1c5789b0, argb=0x15e0e8) returned 0x0 [0268.386] GdipCreateSolidFill (color=0xffffffffffbfcddb, brush=0x15e0d0) returned 0x0 [0268.386] GdipFillRectangleI (graphics=0x1c5789b0, brush=0x1c578e60, x=4, y=4, width=200, height=39) returned 0x0 [0268.386] GdipDeleteBrush (brush=0x1c578e60) returned 0x0 [0268.386] IsAppThemed () returned 0x1 [0268.387] GetThemeAppProperties () returned 0x3 [0268.387] GdipGetTextRenderingHint (graphics=0x1c5789b0, mode=0x15e0d8) returned 0x0 [0268.387] GdipGetDC (graphics=0x1c5789b0, hdc=0x15e0c8) returned 0x0 [0268.388] GetCurrentObject (hdc=0xb0108e6, type=0x1) returned 0xb00017 [0268.388] GetCurrentObject (hdc=0xb0108e6, type=0x2) returned 0x900010 [0268.388] GetCurrentObject (hdc=0xb0108e6, type=0x7) returned 0xffffffffaf0505b7 [0268.388] GetCurrentObject (hdc=0xb0108e6, type=0x6) returned 0x58a00b4 [0268.389] SaveDC (hdc=0xb0108e6) returned 1 [0268.389] GetTextAlign (hdc=0xb0108e6) returned 0x0 [0268.389] GetTextColor (hdc=0xb0108e6) returned 0x0 [0268.389] GetCurrentObject (hdc=0xb0108e6, type=0x6) returned 0x58a00b4 [0268.390] GetObjectW (in: h=0x58a00b4, c=92, pv=0x15dbc0 | out: pv=0x15dbc0) returned 92 [0268.391] SelectObject (hdc=0xb0108e6, h=0xffffffff8b0a094b) returned 0x58a00b4 [0268.391] GetBkMode (hdc=0xb0108e6) returned 2 [0268.391] SetBkMode (hdc=0xb0108e6, mode=1) returned 2 [0268.391] DrawTextExW (in: hdc=0xb0108e6, lpchText="Wrong Password..buy it..", cchText=24, lprc=0x15de18, format=0x102415, lpdtp=0x232b278 | out: lpchText="Wrong Password..buy it..", lprc=0x15de18) returned 20 [0268.391] DrawTextExW (in: hdc=0xb0108e6, lpchText="Wrong Password..buy it..", cchText=24, lprc=0x15e048, format=0x102015, lpdtp=0x232b278 | out: lpchText="Wrong Password..buy it..", lprc=0x15e048) returned 20 [0268.392] RestoreDC (hdc=0xb0108e6, nSavedDC=-1) returned 1 [0268.392] GdipReleaseDC (graphics=0x1c5789b0, hdc=0xb0108e6) returned 0x0 [0268.392] GetFocus () returned 0x0 [0268.392] IsAppThemed () returned 0x1 [0268.392] GetThemeAppProperties () returned 0x3 [0268.392] GdipGetDC (graphics=0x1c5789b0, hdc=0x15e428) returned 0x0 [0268.392] BitBlt (hdc=0x310108dd, x=0, y=0, cx=208, cy=47, hdcSrc=0xb0108e6, x1=0, y1=0, rop=0xcc0020) returned 1 [0268.393] GdipReleaseDC (graphics=0x1c5789b0, hdc=0xb0108e6) returned 0x0 [0268.393] SelectPalette (hdc=0x310108dd, hPal=0x88000b, bForceBkgd=0) returned 0x5308094c [0268.393] SelectObject (hdc=0xb0108e6, h=0x85000f) returned 0xffffffffaf0505b7 [0268.393] DeleteDC (hdc=0xb0108e6) returned 1 [0268.393] GdipDeleteGraphics (graphics=0x1c5789b0) returned 0x0 [0268.394] EndPaint (hWnd=0xa0050, lpPaint=0x15e408) returned 1 [0268.394] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0268.394] GetMessageA (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0268.394] TranslateMessage (lpMsg=0x15ee30) returned 0 [0268.394] DispatchMessageA (lpMsg=0x15ee30) returned 0x0 [0268.395] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 1 [0268.395] IsWindowUnicode (hWnd=0x3020e) returned 1 [0268.395] GetMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x15ee30) returned 1 [0268.395] TranslateMessage (lpMsg=0x15ee30) returned 0 [0268.395] DispatchMessageW (lpMsg=0x15ee30) returned 0x0 [0268.395] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0268.395] PeekMessageW (in: lpMsg=0x15ee30, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x15ee30) returned 0 [0268.395] WaitMessage () Thread: id = 2 os_tid = 0x17ac Thread: id = 3 os_tid = 0x17cc Thread: id = 4 os_tid = 0x1610 [0209.715] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0209.716] RoInitialize () returned 0x1 [0209.716] RoUninitialize () returned 0x0 [0235.661] RegCloseKey (hKey=0x2cc) returned 0x0 Thread: id = 5 os_tid = 0x1468 [0210.462] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0210.462] RoInitialize () returned 0x1 [0210.462] RoUninitialize () returned 0x0 [0213.326] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x1aace4f0 | out: lpLuid=0x1aace4f0*(LowPart=0x14, HighPart=0)) returned 1 [0213.329] GetCurrentProcess () returned 0xffffffffffffffff [0213.330] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x1aace4e8 | out: TokenHandle=0x1aace4e8*=0x2cc) returned 1 [0213.330] AdjustTokenPrivileges (in: TokenHandle=0x2cc, DisableAllPrivileges=0, NewState=0x21fe9b8*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0213.332] CloseHandle (hObject=0x2cc) returned 1 [0213.348] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12109ac0, Length=0x20000, ResultLength=0x1aacf420 | out: SystemInformation=0x12109ac0, ResultLength=0x1aacf420*=0x24128) returned 0xc0000004 [0213.429] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24088) returned 0x0 [0214.825] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x242b8) returned 0x0 [0215.988] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x242b8) returned 0x0 [0216.727] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x243a8) returned 0x0 [0217.544] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x243f8) returned 0x0 [0219.673] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x243f8) returned 0x0 [0220.458] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24448) returned 0x0 [0221.241] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x244e8) returned 0x0 [0222.058] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x244e8) returned 0x0 [0222.782] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x244e8) returned 0x0 [0223.613] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24498) returned 0x0 [0224.598] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x243f8) returned 0x0 [0225.415] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x243a8) returned 0x0 [0226.487] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x243f8) returned 0x0 [0227.478] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x243f8) returned 0x0 [0228.553] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x243f8) returned 0x0 [0229.452] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x243f8) returned 0x0 [0230.522] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x243f8) returned 0x0 [0231.369] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24448) returned 0x0 [0232.370] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24448) returned 0x0 [0233.406] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x243f8) returned 0x0 [0234.833] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x243a8) returned 0x0 [0235.602] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x243a8) returned 0x0 [0236.427] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24218) returned 0x0 [0237.211] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24268) returned 0x0 [0238.026] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x242b8) returned 0x0 [0238.828] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24308) returned 0x0 [0239.759] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24308) returned 0x0 [0240.520] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x241c8) returned 0x0 [0241.397] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24218) returned 0x0 [0242.251] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24358) returned 0x0 [0243.109] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x243a8) returned 0x0 [0244.110] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x243a8) returned 0x0 [0245.119] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x243a8) returned 0x0 [0245.926] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x243a8) returned 0x0 [0246.798] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24448) returned 0x0 [0247.600] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24448) returned 0x0 [0248.408] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24448) returned 0x0 [0249.235] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24358) returned 0x0 [0250.020] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24498) returned 0x0 [0250.784] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24588) returned 0x0 [0251.957] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x244e8) returned 0x0 [0252.804] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x244e8) returned 0x0 [0253.704] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24588) returned 0x0 [0254.634] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x248b8) returned 0x0 [0255.517] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24958) returned 0x0 [0256.366] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24a48) returned 0x0 [0257.248] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24a98) returned 0x0 [0258.317] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24b88) returned 0x0 [0259.228] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24b38) returned 0x0 [0260.084] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24b38) returned 0x0 [0260.959] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24b38) returned 0x0 [0261.917] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24c28) returned 0x0 [0262.636] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24d68) returned 0x0 [0263.358] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24cc8) returned 0x0 [0264.170] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24c78) returned 0x0 [0264.945] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24c78) returned 0x0 [0265.667] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24eb0) returned 0x0 [0266.368] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x25180) returned 0x0 [0267.107] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x251d0) returned 0x0 [0268.494] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x251d0) returned 0x0 [0270.552] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x252c0) returned 0x0 [0271.351] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x25360) returned 0x0 [0272.040] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x25360) returned 0x0 [0272.805] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x25360) returned 0x0 [0273.524] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x25310) returned 0x0 [0274.317] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x25310) returned 0x0 [0275.055] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x25310) returned 0x0 [0275.839] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x252c0) returned 0x0 [0276.861] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x25360) returned 0x0 [0277.623] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x253b0) returned 0x0 [0278.384] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x25360) returned 0x0 [0279.102] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x253b0) returned 0x0 [0279.843] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24b40) returned 0x0 [0280.587] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x249b0) returned 0x0 [0281.301] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24a00) returned 0x0 [0282.243] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24a00) returned 0x0 [0283.055] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24a00) returned 0x0 [0283.859] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x250b0) returned 0x0 [0284.714] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x254d8) returned 0x0 [0285.520] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x256c0) returned 0x0 [0286.487] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x25200) returned 0x0 [0287.319] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x252a0) returned 0x0 [0288.229] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24a10) returned 0x0 [0289.081] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24de8) returned 0x0 [0290.043] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24a70) returned 0x0 [0290.806] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x243b0) returned 0x0 [0291.827] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x243b0) returned 0x0 [0292.902] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24360) returned 0x0 [0293.634] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24310) returned 0x0 [0294.370] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24310) returned 0x0 [0295.103] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24220) returned 0x0 [0295.837] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x24220) returned 0x0 [0296.704] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x241d0) returned 0x0 [0297.449] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x240e0) returned 0x0 [0298.415] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x23df0) returned 0x0 [0299.165] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x23ee0) returned 0x0 [0299.893] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x23f80) returned 0x0 [0301.147] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x23f80) returned 0x0 [0302.499] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x23fd0) returned 0x0 [0303.446] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x23fd0) returned 0x0 [0304.181] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x23f80) returned 0x0 [0304.931] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x23b58) returned 0x0 [0305.873] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x23b08) returned 0x0 [0306.812] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x23ab8) returned 0x0 [0307.821] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x234e8) returned 0x0 [0308.572] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x23200) returned 0x0 [0309.427] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x231b0) returned 0x0 [0310.217] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x231b0) returned 0x0 [0310.980] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x23160) returned 0x0 [0311.834] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x23110) returned 0x0 [0312.596] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x22a68) returned 0x0 [0313.347] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x22a68) returned 0x0 [0314.619] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x22ab8) returned 0x0 [0315.347] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x22ab8) returned 0x0 [0316.073] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x22a68) returned 0x0 [0316.826] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x22ed0) returned 0x0 [0317.524] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x23060) returned 0x0 [0318.228] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x23060) returned 0x0 [0318.911] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x23010) returned 0x0 [0319.586] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x23010) returned 0x0 [0320.282] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x23010) returned 0x0 [0320.964] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x23010) returned 0x0 [0321.659] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12129af8, Length=0x26928, ResultLength=0x1aacf420 | out: SystemInformation=0x12129af8, ResultLength=0x1aacf420*=0x23010) returned 0x0 Thread: id = 6 os_tid = 0x668 [0210.513] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0210.513] RoInitialize () returned 0x1 [0210.513] RoUninitialize () returned 0x0 [0211.041] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf288) returned 1 [0211.045] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1abced30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0211.048] FindFirstFileW (in: lpFileName="C:\\*.*" (normalized: "c:\\*.*"), lpFindFileData=0x1abcf030 | out: lpFindFileData=0x1abcf030*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xc85bcc7b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc85bcc7b, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc85bcc7b, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x601780 [0211.056] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abcf0f0 | out: lpFindFileData=0x1abcf0f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3d7c8906, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x722e25cd, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x3e367fa4, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1 [0211.057] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abcf0f0 | out: lpFindFileData=0x1abcf0f0*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0x3dc4150a, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dc4150a, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xf2e43b11, ftLastWriteTime.dwHighDateTime=0x1d61755, nFileSizeHigh=0x0, nFileSizeLow=0x65010, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0211.091] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abcf0f0 | out: lpFindFileData=0x1abcf0f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3e17804a, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e17804a, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xf5bf7f98, ftLastWriteTime.dwHighDateTime=0x1d5acdd, nFileSizeHigh=0x0, nFileSizeLow=0x1, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTNXT", cAlternateFileName="")) returned 1 [0211.093] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abcf0f0 | out: lpFindFileData=0x1abcf0f0*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0x3e5a4222, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e5a4222, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3e5a4222, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0211.094] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abcf0f0 | out: lpFindFileData=0x1abcf0f0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x8119ee6b, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x8119ee6b, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x8119ee6b, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0211.094] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abcf0f0 | out: lpFindFileData=0x1abcf0f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x4d6940d3, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0xe3694d5c, ftLastAccessTime.dwHighDateTime=0x1d9b55d, ftLastWriteTime.dwLowDateTime=0xe3694d5c, ftLastWriteTime.dwHighDateTime=0x1d9b55d, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DumpStack.log.tmp", cAlternateFileName="DUMPST~1.TMP")) returned 1 [0211.095] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abcf0f0 | out: lpFindFileData=0x1abcf0f0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x72377364, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0xe2ed5208, ftLastAccessTime.dwHighDateTime=0x1d9b55d, ftLastWriteTime.dwLowDateTime=0xe2ed5208, ftLastWriteTime.dwHighDateTime=0x1d9b55d, nFileSizeHigh=0x0, nFileSizeLow=0x332fe000, dwReserved0=0x0, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0211.096] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abcf0f0 | out: lpFindFileData=0x1abcf0f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x4d66e025, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0xe364878e, ftLastAccessTime.dwHighDateTime=0x1d9b55d, ftLastWriteTime.dwLowDateTime=0xe364878e, ftLastWriteTime.dwHighDateTime=0x1d9b55d, nFileSizeHigh=0x0, nFileSizeLow=0x48000000, dwReserved0=0x0, dwReserved1=0x0, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0211.097] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abcf0f0 | out: lpFindFileData=0x1abcf0f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc85bcc7b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc85bcc7b, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc85bcc7b, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0211.098] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abcf0f0 | out: lpFindFileData=0x1abcf0f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc85bcc7b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x353933f, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x4e885391, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0211.098] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abcf0f0 | out: lpFindFileData=0x1abcf0f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86241be, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x81a7b47b, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x9f29efe4, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0211.098] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abcf0f0 | out: lpFindFileData=0x1abcf0f0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x81a7b47b, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0xc302aae4, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0211.098] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abcf0f0 | out: lpFindFileData=0x1abcf0f0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xc2ebee6b, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0xc30d50a0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xc30d50a0, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0211.098] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abcf0f0 | out: lpFindFileData=0x1abcf0f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x4d6ba301, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0xe3694d5c, ftLastAccessTime.dwHighDateTime=0x1d9b55d, ftLastWriteTime.dwLowDateTime=0xe3694d5c, ftLastWriteTime.dwHighDateTime=0x1d9b55d, nFileSizeHigh=0x0, nFileSizeLow=0x10000000, dwReserved0=0x0, dwReserved1=0x0, cFileName="swapfile.sys", cAlternateFileName="")) returned 1 [0211.099] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abcf0f0 | out: lpFindFileData=0x1abcf0f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x4ce15c09, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x719958aa, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x4872751f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0211.099] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abcf0f0 | out: lpFindFileData=0x1abcf0f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3a6eea36, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0xd51a765d, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x3280fb2b, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 1 [0211.099] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abcf0f0 | out: lpFindFileData=0x1abcf0f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a6eea36, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0xe584ce81, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x4ecb9af4, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0211.099] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abcf0f0 | out: lpFindFileData=0x1abcf0f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a6eea36, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0xe584ce81, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x4ecb9af4, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0 [0211.100] FindClose (in: hFindFile=0x601780 | out: hFindFile=0x601780) returned 1 [0211.100] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf018) returned 1 [0211.101] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf268) returned 1 [0211.101] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf288) returned 1 [0211.101] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1abced30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0211.102] FindFirstFileW (in: lpFileName="C:\\*" (normalized: "c:\\*"), lpFindFileData=0x1abcf030 | out: lpFindFileData=0x1abcf030*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xc85bcc7b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc85bcc7b, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc85bcc7b, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x6017e0 [0211.104] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcf060 | out: lpFindFileData=0x1abcf060*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3d7c8906, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x722e25cd, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x3e367fa4, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1 [0211.104] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcf060 | out: lpFindFileData=0x1abcf060*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0x3dc4150a, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dc4150a, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xf2e43b11, ftLastWriteTime.dwHighDateTime=0x1d61755, nFileSizeHigh=0x0, nFileSizeLow=0x65010, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0211.104] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcf060 | out: lpFindFileData=0x1abcf060*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3e17804a, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e17804a, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xf5bf7f98, ftLastWriteTime.dwHighDateTime=0x1d5acdd, nFileSizeHigh=0x0, nFileSizeLow=0x1, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTNXT", cAlternateFileName="")) returned 1 [0211.104] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcf060 | out: lpFindFileData=0x1abcf060*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0x3e5a4222, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e5a4222, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3e5a4222, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0211.104] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcf060 | out: lpFindFileData=0x1abcf060*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x8119ee6b, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x8119ee6b, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x8119ee6b, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0211.104] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcf060 | out: lpFindFileData=0x1abcf060*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x4d6940d3, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0xe3694d5c, ftLastAccessTime.dwHighDateTime=0x1d9b55d, ftLastWriteTime.dwLowDateTime=0xe3694d5c, ftLastWriteTime.dwHighDateTime=0x1d9b55d, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="DumpStack.log.tmp", cAlternateFileName="DUMPST~1.TMP")) returned 1 [0211.104] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcf060 | out: lpFindFileData=0x1abcf060*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x72377364, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0xe2ed5208, ftLastAccessTime.dwHighDateTime=0x1d9b55d, ftLastWriteTime.dwLowDateTime=0xe2ed5208, ftLastWriteTime.dwHighDateTime=0x1d9b55d, nFileSizeHigh=0x0, nFileSizeLow=0x332fe000, dwReserved0=0x0, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0211.104] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcf060 | out: lpFindFileData=0x1abcf060*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x4d66e025, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0xe364878e, ftLastAccessTime.dwHighDateTime=0x1d9b55d, ftLastWriteTime.dwLowDateTime=0xe364878e, ftLastWriteTime.dwHighDateTime=0x1d9b55d, nFileSizeHigh=0x0, nFileSizeLow=0x48000000, dwReserved0=0x0, dwReserved1=0x0, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0211.104] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcf060 | out: lpFindFileData=0x1abcf060*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc85bcc7b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc85bcc7b, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc85bcc7b, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0211.104] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcf060 | out: lpFindFileData=0x1abcf060*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc85bcc7b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x353933f, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x4e885391, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0211.105] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcf060 | out: lpFindFileData=0x1abcf060*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86241be, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x81a7b47b, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x9f29efe4, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0211.105] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcf060 | out: lpFindFileData=0x1abcf060*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x81a7b47b, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0xc302aae4, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0211.105] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcf060 | out: lpFindFileData=0x1abcf060*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xc2ebee6b, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0xc30d50a0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xc30d50a0, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0211.105] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcf060 | out: lpFindFileData=0x1abcf060*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x4d6ba301, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0xe3694d5c, ftLastAccessTime.dwHighDateTime=0x1d9b55d, ftLastWriteTime.dwLowDateTime=0xe3694d5c, ftLastWriteTime.dwHighDateTime=0x1d9b55d, nFileSizeHigh=0x0, nFileSizeLow=0x10000000, dwReserved0=0x0, dwReserved1=0x0, cFileName="swapfile.sys", cAlternateFileName="")) returned 1 [0211.105] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcf060 | out: lpFindFileData=0x1abcf060*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x4ce15c09, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x719958aa, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x4872751f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0211.105] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcf060 | out: lpFindFileData=0x1abcf060*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3a6eea36, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0xd51a765d, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x3280fb2b, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 1 [0211.105] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcf060 | out: lpFindFileData=0x1abcf060*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a6eea36, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0xe584ce81, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x4ecb9af4, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0211.105] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcf060 | out: lpFindFileData=0x1abcf060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.105] FindClose (in: hFindFile=0x6017e0 | out: hFindFile=0x6017e0) returned 1 [0211.105] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef88) returned 1 [0211.106] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf1a8) returned 1 [0211.106] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf188) returned 1 [0211.106] GetFullPathNameW (in: lpFileName="C:\\Boot", nBufferLength=0x105, lpBuffer=0x1abcec30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot", lpFilePart=0x0) returned 0x7 [0211.107] FindFirstFileW (in: lpFileName="C:\\Boot\\*.*" (normalized: "c:\\boot\\*.*"), lpFindFileData=0x1abcef30 | out: lpFindFileData=0x1abcef30*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3d7c8906, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x9ea5d49b, ftLastAccessTime.dwHighDateTime=0x1d94211, ftLastWriteTime.dwLowDateTime=0x3e367fa4, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601780 [0211.109] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3d7c8906, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x9ea5d49b, ftLastAccessTime.dwHighDateTime=0x1d94211, ftLastWriteTime.dwLowDateTime=0x3e367fa4, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.109] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e367fa4, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0xb0846d55, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0xb0846d55, ftLastWriteTime.dwHighDateTime=0x1d9b55c, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD", cAlternateFileName="")) returned 1 [0211.111] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3e367fa4, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e367fa4, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3e367fa4, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG", cAlternateFileName="")) returned 1 [0211.112] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3e367fa4, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e367fa4, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3e367fa4, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1 [0211.113] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3e367fa4, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e367fa4, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3e367fa4, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1 [0211.115] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d7c8906, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d7c8906, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d7c8906, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg-BG", cAlternateFileName="")) returned 1 [0211.115] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3dc4150a, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dc4150a, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dc4150a, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSTAT.DAT", cAlternateFileName="")) returned 1 [0211.117] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d7eec80, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d7eec80, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xf5c33ae9, ftLastWriteTime.dwHighDateTime=0x1d5acdd, nFileSizeHigh=0x0, nFileSizeLow=0x6b38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootuwf.dll", cAlternateFileName="")) returned 1 [0211.118] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d814e13, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d814e13, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xf5c33ae9, ftLastWriteTime.dwHighDateTime=0x1d5acdd, nFileSizeHigh=0x0, nFileSizeLow=0x18808, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootvhd.dll", cAlternateFileName="")) returned 1 [0211.118] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d814e13, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d83af27, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d814e13, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0211.118] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d83af27, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d83af27, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da-DK", cAlternateFileName="")) returned 1 [0211.119] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d83af27, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d83af27, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de-DE", cAlternateFileName="")) returned 1 [0211.119] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8877ad, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8877ad, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el-GR", cAlternateFileName="")) returned 1 [0211.119] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8877ad, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8877ad, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-GB", cAlternateFileName="")) returned 1 [0211.119] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8877ad, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8877ad, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0211.119] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8ad710, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8ad710, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es-ES", cAlternateFileName="")) returned 1 [0211.119] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8ad710, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8ad710, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es-MX", cAlternateFileName="")) returned 1 [0211.119] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8ad710, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8ad710, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="et-EE", cAlternateFileName="")) returned 1 [0211.119] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8d387c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8d387c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi-FI", cAlternateFileName="")) returned 1 [0211.119] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dc66fa9, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e151cb0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3e151cb0, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fonts", cAlternateFileName="")) returned 1 [0211.119] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8d387c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8d387c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8d387c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr-CA", cAlternateFileName="")) returned 1 [0211.119] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8d387c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8fa22d, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8d387c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr-FR", cAlternateFileName="")) returned 1 [0211.119] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8fa22d, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8fa22d, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8fa22d, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hr-HR", cAlternateFileName="")) returned 1 [0211.119] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8fa22d, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d946345, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d946345, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu-HU", cAlternateFileName="")) returned 1 [0211.119] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d946345, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d96c738, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d96c738, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it-IT", cAlternateFileName="")) returned 1 [0211.119] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d96c738, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9927c8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d9927c8, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0211.120] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d9927c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9b8db8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d9927c8, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0211.120] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d9b8db8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9b8db8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d9b8db8, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lt-LT", cAlternateFileName="")) returned 1 [0211.120] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d9b8db8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9df11d, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d9df11d, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lv-LV", cAlternateFileName="")) returned 1 [0211.120] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3da050e0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da2b4a2, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3abfa8a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xf4538, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe", cAlternateFileName="")) returned 1 [0211.120] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da2b4a2, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da517bb, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3da517bb, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0211.120] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da517bb, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da517bb, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3da517bb, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0211.120] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da517bb, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da776c8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3da776c8, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0211.120] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da776c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da9d508, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3da9d508, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0211.120] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da9d508, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dae9cf3, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dae9cf3, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0211.120] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dae9cf3, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db10102, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3db10102, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="qps-ploc", cAlternateFileName="")) returned 1 [0211.120] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db10102, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db365c4, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3db365c4, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="qps-plocm", cAlternateFileName="QPS-PL~1")) returned 1 [0211.120] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e151cb0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e151cb0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3e151cb0, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Resources", cAlternateFileName="RESOUR~1")) returned 1 [0211.121] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db365c4, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db5c825, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3db365c4, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ro-RO", cAlternateFileName="")) returned 1 [0211.121] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db5c825, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db8296c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3db5c825, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0211.121] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db8296c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db8296c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3db8296c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sk-SK", cAlternateFileName="")) returned 1 [0211.121] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db8296c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db8296c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3db8296c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sl-SI", cAlternateFileName="")) returned 1 [0211.121] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db8296c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dba885e, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dba885e, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sr-Latn-RS", cAlternateFileName="SR-LAT~1")) returned 1 [0211.121] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dba885e, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dba885e, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dba885e, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0211.121] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dba885e, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dbce947, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dbce947, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0211.121] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dbce947, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dbce947, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dbce947, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uk-UA", cAlternateFileName="")) returned 1 [0211.121] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dbce947, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dc4150a, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dc4150a, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0211.121] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dc4150a, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dc4150a, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dc4150a, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0211.121] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dc4150a, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dc4150a, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dc4150a, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 0 [0211.121] FindClose (in: hFindFile=0x601780 | out: hFindFile=0x601780) returned 1 [0211.122] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef18) returned 1 [0211.122] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf168) returned 1 [0211.122] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf188) returned 1 [0211.122] GetFullPathNameW (in: lpFileName="C:\\Boot", nBufferLength=0x105, lpBuffer=0x1abcec30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot", lpFilePart=0x0) returned 0x7 [0211.122] FindFirstFileW (in: lpFileName="C:\\Boot\\*" (normalized: "c:\\boot\\*"), lpFindFileData=0x1abcef30 | out: lpFindFileData=0x1abcef30*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3d7c8906, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x1238b746, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3e367fa4, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6016c0 [0211.123] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3d7c8906, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x1238b746, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3e367fa4, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.123] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e367fa4, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0xb0846d55, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0xb0846d55, ftLastWriteTime.dwHighDateTime=0x1d9b55c, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD", cAlternateFileName="")) returned 1 [0211.123] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3e367fa4, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e367fa4, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3e367fa4, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG", cAlternateFileName="")) returned 1 [0211.123] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3e367fa4, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e367fa4, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3e367fa4, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1 [0211.123] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3e367fa4, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e367fa4, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3e367fa4, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1 [0211.123] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d7c8906, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d7c8906, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d7c8906, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg-BG", cAlternateFileName="")) returned 1 [0211.123] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3dc4150a, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dc4150a, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dc4150a, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSTAT.DAT", cAlternateFileName="")) returned 1 [0211.123] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d7eec80, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d7eec80, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xf5c33ae9, ftLastWriteTime.dwHighDateTime=0x1d5acdd, nFileSizeHigh=0x0, nFileSizeLow=0x6b38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootuwf.dll", cAlternateFileName="")) returned 1 [0211.123] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d814e13, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d814e13, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xf5c33ae9, ftLastWriteTime.dwHighDateTime=0x1d5acdd, nFileSizeHigh=0x0, nFileSizeLow=0x18808, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootvhd.dll", cAlternateFileName="")) returned 1 [0211.123] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d814e13, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d83af27, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d814e13, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0211.123] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d83af27, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d83af27, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da-DK", cAlternateFileName="")) returned 1 [0211.124] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d83af27, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d83af27, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de-DE", cAlternateFileName="")) returned 1 [0211.124] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8877ad, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8877ad, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el-GR", cAlternateFileName="")) returned 1 [0211.124] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8877ad, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8877ad, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-GB", cAlternateFileName="")) returned 1 [0211.124] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8877ad, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8877ad, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0211.125] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8ad710, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8ad710, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es-ES", cAlternateFileName="")) returned 1 [0211.125] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8ad710, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8ad710, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es-MX", cAlternateFileName="")) returned 1 [0211.125] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8ad710, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8ad710, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="et-EE", cAlternateFileName="")) returned 1 [0211.125] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8d387c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8d387c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi-FI", cAlternateFileName="")) returned 1 [0211.125] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dc66fa9, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e151cb0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3e151cb0, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fonts", cAlternateFileName="")) returned 1 [0211.125] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8d387c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8d387c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8d387c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr-CA", cAlternateFileName="")) returned 1 [0211.125] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8d387c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8fa22d, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8d387c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr-FR", cAlternateFileName="")) returned 1 [0211.125] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8fa22d, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8fa22d, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8fa22d, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hr-HR", cAlternateFileName="")) returned 1 [0211.125] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8fa22d, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d946345, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d946345, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu-HU", cAlternateFileName="")) returned 1 [0211.125] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d946345, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d96c738, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d96c738, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it-IT", cAlternateFileName="")) returned 1 [0211.125] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d96c738, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9927c8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d9927c8, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0211.126] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d9927c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9b8db8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d9927c8, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0211.126] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d9b8db8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9b8db8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d9b8db8, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lt-LT", cAlternateFileName="")) returned 1 [0211.126] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d9b8db8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9df11d, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d9df11d, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lv-LV", cAlternateFileName="")) returned 1 [0211.126] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3da050e0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da2b4a2, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3abfa8a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xf4538, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe", cAlternateFileName="")) returned 1 [0211.126] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da2b4a2, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da517bb, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3da517bb, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0211.126] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da517bb, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da517bb, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3da517bb, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0211.126] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da517bb, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da776c8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3da776c8, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0211.126] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da776c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da9d508, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3da9d508, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0211.126] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da9d508, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dae9cf3, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dae9cf3, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0211.126] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dae9cf3, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db10102, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3db10102, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="qps-ploc", cAlternateFileName="")) returned 1 [0211.127] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db10102, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db365c4, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3db365c4, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="qps-plocm", cAlternateFileName="QPS-PL~1")) returned 1 [0211.127] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e151cb0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e151cb0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3e151cb0, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Resources", cAlternateFileName="RESOUR~1")) returned 1 [0211.127] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db365c4, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db5c825, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3db365c4, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ro-RO", cAlternateFileName="")) returned 1 [0211.127] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db5c825, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db8296c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3db5c825, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0211.127] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db8296c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db8296c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3db8296c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sk-SK", cAlternateFileName="")) returned 1 [0211.127] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db8296c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db8296c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3db8296c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sl-SI", cAlternateFileName="")) returned 1 [0211.127] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db8296c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dba885e, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dba885e, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sr-Latn-RS", cAlternateFileName="SR-LAT~1")) returned 1 [0211.127] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dba885e, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dba885e, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dba885e, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0211.127] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dba885e, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dbce947, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dbce947, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0211.127] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dbce947, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dbce947, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dbce947, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uk-UA", cAlternateFileName="")) returned 1 [0211.127] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dbce947, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dc4150a, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dc4150a, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0211.128] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dc4150a, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dc4150a, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dc4150a, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0211.128] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.128] FindClose (in: hFindFile=0x6016c0 | out: hFindFile=0x6016c0) returned 1 [0211.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee88) returned 1 [0211.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf0a8) returned 1 [0211.128] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.128] GetFullPathNameW (in: lpFileName="C:\\Boot\\bg-BG", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\bg-BG", lpFilePart=0x0) returned 0xd [0211.129] FindFirstFileW (in: lpFileName="C:\\Boot\\bg-BG\\*.*" (normalized: "c:\\boot\\bg-bg\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d7c8906, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d7c8906, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d7c8906, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6010c0 [0211.129] FindNextFileW (in: hFindFile=0x6010c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d7c8906, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d7c8906, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d7c8906, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.129] FindNextFileW (in: hFindFile=0x6010c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d7c8906, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d7c8906, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13d38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.131] FindNextFileW (in: hFindFile=0x6010c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.131] FindClose (in: hFindFile=0x6010c0 | out: hFindFile=0x6010c0) returned 1 [0211.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.132] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.132] GetFullPathNameW (in: lpFileName="C:\\Boot\\bg-BG", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\bg-BG", lpFilePart=0x0) returned 0xd [0211.132] FindFirstFileW (in: lpFileName="C:\\Boot\\bg-BG\\*" (normalized: "c:\\boot\\bg-bg\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d7c8906, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x1238b746, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d7c8906, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601a80 [0211.133] FindNextFileW (in: hFindFile=0x601a80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d7c8906, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x1238b746, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d7c8906, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.133] FindNextFileW (in: hFindFile=0x601a80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d7c8906, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d7c8906, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13d38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.133] FindNextFileW (in: hFindFile=0x601a80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d7c8906, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d7c8906, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13d38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0211.133] FindClose (in: hFindFile=0x601a80 | out: hFindFile=0x601a80) returned 1 [0211.133] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.133] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.133] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.133] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ", lpFilePart=0x0) returned 0xd [0211.134] FindFirstFileW (in: lpFileName="C:\\Boot\\cs-CZ\\*.*" (normalized: "c:\\boot\\cs-cz\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d814e13, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d83af27, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d814e13, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601060 [0211.134] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d814e13, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d83af27, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d814e13, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.134] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d814e13, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d814e13, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13938, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.136] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d814e13, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d83af27, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb138, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.137] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.137] FindClose (in: hFindFile=0x601060 | out: hFindFile=0x601060) returned 1 [0211.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.137] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.137] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ", lpFilePart=0x0) returned 0xd [0211.138] FindFirstFileW (in: lpFileName="C:\\Boot\\cs-CZ\\*" (normalized: "c:\\boot\\cs-cz\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d814e13, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x123b1a91, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d814e13, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0211.138] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d814e13, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x123b1a91, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d814e13, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.138] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d814e13, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d814e13, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13938, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.138] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d814e13, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d83af27, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb138, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.139] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d814e13, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d83af27, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb138, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0211.139] FindClose (in: hFindFile=0x601360 | out: hFindFile=0x601360) returned 1 [0211.139] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.139] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.139] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.139] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK", lpFilePart=0x0) returned 0xd [0211.139] FindFirstFileW (in: lpFileName="C:\\Boot\\da-DK\\*.*" (normalized: "c:\\boot\\da-dk\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d83af27, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d83af27, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6014e0 [0211.140] FindNextFileW (in: hFindFile=0x6014e0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d83af27, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d83af27, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.140] FindNextFileW (in: hFindFile=0x6014e0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d83af27, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13538, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.141] FindNextFileW (in: hFindFile=0x6014e0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d83af27, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb138, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.142] FindNextFileW (in: hFindFile=0x6014e0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.142] FindClose (in: hFindFile=0x6014e0 | out: hFindFile=0x6014e0) returned 1 [0211.143] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.143] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.143] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.143] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK", lpFilePart=0x0) returned 0xd [0211.143] FindFirstFileW (in: lpFileName="C:\\Boot\\da-DK\\*" (normalized: "c:\\boot\\da-dk\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x123b1a91, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d83af27, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601180 [0211.144] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x123b1a91, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d83af27, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.144] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d83af27, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13538, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.144] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d83af27, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb138, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.144] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d83af27, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb138, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0211.144] FindClose (in: hFindFile=0x601180 | out: hFindFile=0x601180) returned 1 [0211.144] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.144] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.144] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.144] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE", lpFilePart=0x0) returned 0xd [0211.145] FindFirstFileW (in: lpFileName="C:\\Boot\\de-DE\\*.*" (normalized: "c:\\boot\\de-de\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d83af27, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d83af27, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6012a0 [0211.145] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d83af27, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d83af27, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.145] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d83af27, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x14538, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.146] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d83af27, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb338, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.148] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.148] FindClose (in: hFindFile=0x6012a0 | out: hFindFile=0x6012a0) returned 1 [0211.149] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.149] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.149] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.149] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE", lpFilePart=0x0) returned 0xd [0211.149] FindFirstFileW (in: lpFileName="C:\\Boot\\de-DE\\*" (normalized: "c:\\boot\\de-de\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x123d7edc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d83af27, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601900 [0211.150] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x123d7edc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d83af27, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.150] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d83af27, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x14538, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.150] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d83af27, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb338, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.150] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d83af27, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb338, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0211.150] FindClose (in: hFindFile=0x601900 | out: hFindFile=0x601900) returned 1 [0211.150] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.150] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.150] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.150] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR", lpFilePart=0x0) returned 0xd [0211.151] FindFirstFileW (in: lpFileName="C:\\Boot\\el-GR\\*.*" (normalized: "c:\\boot\\el-gr\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8877ad, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8877ad, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0211.151] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8877ad, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8877ad, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.151] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8877ad, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x14938, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.153] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8877ad, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb538, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.154] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.154] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0211.154] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.154] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.154] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.154] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR", lpFilePart=0x0) returned 0xd [0211.155] FindFirstFileW (in: lpFileName="C:\\Boot\\el-GR\\*" (normalized: "c:\\boot\\el-gr\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x123d7edc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d8877ad, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6014e0 [0211.155] FindNextFileW (in: hFindFile=0x6014e0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x123d7edc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d8877ad, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.155] FindNextFileW (in: hFindFile=0x6014e0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d83af27, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8877ad, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x14938, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.156] FindNextFileW (in: hFindFile=0x6014e0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8877ad, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb538, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.156] FindNextFileW (in: hFindFile=0x6014e0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8877ad, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb538, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0211.156] FindClose (in: hFindFile=0x6014e0 | out: hFindFile=0x6014e0) returned 1 [0211.156] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.156] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.156] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.156] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-GB", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-GB", lpFilePart=0x0) returned 0xd [0211.157] FindFirstFileW (in: lpFileName="C:\\Boot\\en-GB\\*.*" (normalized: "c:\\boot\\en-gb\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8877ad, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8877ad, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6012a0 [0211.157] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8877ad, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8877ad, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.157] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8877ad, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x12d38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.159] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.159] FindClose (in: hFindFile=0x6012a0 | out: hFindFile=0x6012a0) returned 1 [0211.159] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.159] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.159] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.159] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-GB", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-GB", lpFilePart=0x0) returned 0xd [0211.160] FindFirstFileW (in: lpFileName="C:\\Boot\\en-GB\\*" (normalized: "c:\\boot\\en-gb\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x123d7edc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d8877ad, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0211.160] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x123d7edc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d8877ad, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.160] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8877ad, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x12d38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.160] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8877ad, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x12d38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0211.160] FindClose (in: hFindFile=0x601360 | out: hFindFile=0x601360) returned 1 [0211.160] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.160] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.160] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.160] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US", lpFilePart=0x0) returned 0xd [0211.161] FindFirstFileW (in: lpFileName="C:\\Boot\\en-US\\*.*" (normalized: "c:\\boot\\en-us\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8877ad, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8877ad, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.161] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8877ad, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8877ad, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.161] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8877ad, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x12d38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.163] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8877ad, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb010, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.164] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.164] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.165] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.165] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.165] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.165] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US", lpFilePart=0x0) returned 0xd [0211.165] FindFirstFileW (in: lpFileName="C:\\Boot\\en-US\\*" (normalized: "c:\\boot\\en-us\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x123fe1b8, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d8877ad, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6018a0 [0211.165] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x123fe1b8, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d8877ad, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.166] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8877ad, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x12d38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.166] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8877ad, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb010, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.166] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8877ad, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb010, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0211.166] FindClose (in: hFindFile=0x6018a0 | out: hFindFile=0x6018a0) returned 1 [0211.166] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.166] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.166] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.166] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES", lpFilePart=0x0) returned 0xd [0211.167] FindFirstFileW (in: lpFileName="C:\\Boot\\es-ES\\*.*" (normalized: "c:\\boot\\es-es\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8ad710, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8ad710, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0211.167] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8ad710, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8ad710, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.167] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8877ad, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13d38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.167] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8ad710, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb338, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.167] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.167] FindClose (in: hFindFile=0x601360 | out: hFindFile=0x601360) returned 1 [0211.167] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.167] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.167] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.167] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES", lpFilePart=0x0) returned 0xd [0211.168] FindFirstFileW (in: lpFileName="C:\\Boot\\es-ES\\*" (normalized: "c:\\boot\\es-es\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x123fe1b8, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d8ad710, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600d60 [0211.168] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x123fe1b8, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d8ad710, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.168] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8877ad, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8877ad, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13d38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.168] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8ad710, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb338, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.168] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8ad710, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb338, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0211.168] FindClose (in: hFindFile=0x600d60 | out: hFindFile=0x600d60) returned 1 [0211.168] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.168] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.168] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.169] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-MX", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-MX", lpFilePart=0x0) returned 0xd [0211.169] FindFirstFileW (in: lpFileName="C:\\Boot\\es-MX\\*.*" (normalized: "c:\\boot\\es-mx\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8ad710, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8ad710, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6014e0 [0211.169] FindNextFileW (in: hFindFile=0x6014e0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8ad710, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8ad710, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.169] FindNextFileW (in: hFindFile=0x6014e0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8ad710, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13d38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.171] FindNextFileW (in: hFindFile=0x6014e0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.171] FindClose (in: hFindFile=0x6014e0 | out: hFindFile=0x6014e0) returned 1 [0211.171] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.171] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.171] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.171] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-MX", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-MX", lpFilePart=0x0) returned 0xd [0211.172] FindFirstFileW (in: lpFileName="C:\\Boot\\es-MX\\*" (normalized: "c:\\boot\\es-mx\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x123fe1b8, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d8ad710, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600c40 [0211.172] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x123fe1b8, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d8ad710, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.172] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8ad710, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13d38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.172] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8ad710, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13d38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0211.172] FindClose (in: hFindFile=0x600c40 | out: hFindFile=0x600c40) returned 1 [0211.172] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.172] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.172] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.172] GetFullPathNameW (in: lpFileName="C:\\Boot\\et-EE", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\et-EE", lpFilePart=0x0) returned 0xd [0211.173] FindFirstFileW (in: lpFileName="C:\\Boot\\et-EE\\*.*" (normalized: "c:\\boot\\et-ee\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8ad710, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8ad710, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601000 [0211.173] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8ad710, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8ad710, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.173] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8ad710, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13138, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.174] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.174] FindClose (in: hFindFile=0x601000 | out: hFindFile=0x601000) returned 1 [0211.175] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.175] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.175] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.175] GetFullPathNameW (in: lpFileName="C:\\Boot\\et-EE", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\et-EE", lpFilePart=0x0) returned 0xd [0211.175] FindFirstFileW (in: lpFileName="C:\\Boot\\et-EE\\*" (normalized: "c:\\boot\\et-ee\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x123fe1b8, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d8ad710, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0211.176] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x123fe1b8, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d8ad710, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.176] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8ad710, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13138, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.176] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8ad710, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13138, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0211.176] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0211.176] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.176] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.176] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.176] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI", lpFilePart=0x0) returned 0xd [0211.177] FindFirstFileW (in: lpFileName="C:\\Boot\\fi-FI\\*.*" (normalized: "c:\\boot\\fi-fi\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8d387c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8d387c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601180 [0211.177] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8d387c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8d387c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.177] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8ad710, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13938, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.179] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8d387c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8d387c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb208, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.180] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.180] FindClose (in: hFindFile=0x601180 | out: hFindFile=0x601180) returned 1 [0211.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.180] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.180] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI", lpFilePart=0x0) returned 0xd [0211.181] FindFirstFileW (in: lpFileName="C:\\Boot\\fi-FI\\*" (normalized: "c:\\boot\\fi-fi\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x12424605, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d8d387c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600b80 [0211.181] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x12424605, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d8d387c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.181] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8ad710, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8ad710, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13938, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.181] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8d387c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8d387c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb208, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.181] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8d387c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8d387c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb208, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0211.181] FindClose (in: hFindFile=0x600b80 | out: hFindFile=0x600b80) returned 1 [0211.181] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.182] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.182] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.182] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts", lpFilePart=0x0) returned 0xd [0211.183] FindFirstFileW (in: lpFileName="C:\\Boot\\Fonts\\*.*" (normalized: "c:\\boot\\fonts\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dc66fa9, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e151cb0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3e151cb0, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601180 [0211.185] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dc66fa9, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e151cb0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3e151cb0, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.185] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dc66fa9, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3ddbef0f, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xc7b8888, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x3864d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="chs_boot.ttf", cAlternateFileName="")) returned 1 [0211.186] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dde51f6, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3def03f0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xc7b8888, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x3b2da5, dwReserved0=0x0, dwReserved1=0x0, cFileName="cht_boot.ttf", cAlternateFileName="")) returned 1 [0211.187] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3def03f0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3df62a11, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xc7b8888, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x1e4ce7, dwReserved0=0x0, dwReserved1=0x0, cFileName="jpn_boot.ttf", cAlternateFileName="")) returned 1 [0211.188] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3df62a11, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e046f83, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xc803880, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x243524, dwReserved0=0x0, dwReserved1=0x0, cFileName="kor_boot.ttf", cAlternateFileName="")) returned 1 [0211.190] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e046f83, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e06d0d0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xc803880, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x2ad45, dwReserved0=0x0, dwReserved1=0x0, cFileName="malgunn_boot.ttf", cAlternateFileName="MALGUN~1.TTF")) returned 1 [0211.191] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e06d0d0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e06d0d0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xc803880, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x2b6e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="malgun_boot.ttf", cAlternateFileName="MALGUN~2.TTF")) returned 1 [0211.192] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e0930de, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e0930de, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xc7b8888, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x23291, dwReserved0=0x0, dwReserved1=0x0, cFileName="meiryon_boot.ttf", cAlternateFileName="MEIRYO~1.TTF")) returned 1 [0211.192] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e0930de, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e0b94ca, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xc7b8888, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x23914, dwReserved0=0x0, dwReserved1=0x0, cFileName="meiryo_boot.ttf", cAlternateFileName="MEIRYO~2.TTF")) returned 1 [0211.193] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e0b94ca, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e0df864, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xc7b8888, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x27ea8, dwReserved0=0x0, dwReserved1=0x0, cFileName="msjhn_boot.ttf", cAlternateFileName="MSJHN_~1.TTF")) returned 1 [0211.193] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e0df864, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e0df864, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xc7b8888, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x28694, dwReserved0=0x0, dwReserved1=0x0, cFileName="msjh_boot.ttf", cAlternateFileName="MSJH_B~1.TTF")) returned 1 [0211.193] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e105a21, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e105a21, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xc7b8888, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x25f2e, dwReserved0=0x0, dwReserved1=0x0, cFileName="msyhn_boot.ttf", cAlternateFileName="MSYHN_~1.TTF")) returned 1 [0211.193] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e105a21, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e12bc6f, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xc7b8888, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x26588, dwReserved0=0x0, dwReserved1=0x0, cFileName="msyh_boot.ttf", cAlternateFileName="MSYH_B~1.TTF")) returned 1 [0211.193] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e12bc6f, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e12bc6f, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xf01f55a5, ftLastWriteTime.dwHighDateTime=0x1d5acdd, nFileSizeHigh=0x0, nFileSizeLow=0xaed8, dwReserved0=0x0, dwReserved1=0x0, cFileName="segmono_boot.ttf", cAlternateFileName="SEGMON~1.TTF")) returned 1 [0211.193] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e12bc6f, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e12bc6f, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xf01f55a5, ftLastWriteTime.dwHighDateTime=0x1d5acdd, nFileSizeHigh=0x0, nFileSizeLow=0x14f04, dwReserved0=0x0, dwReserved1=0x0, cFileName="segoen_slboot.ttf", cAlternateFileName="SEGOEN~1.TTF")) returned 1 [0211.193] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e151cb0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e151cb0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xf01f55a5, ftLastWriteTime.dwHighDateTime=0x1d5acdd, nFileSizeHigh=0x0, nFileSizeLow=0x1503d, dwReserved0=0x0, dwReserved1=0x0, cFileName="segoe_slboot.ttf", cAlternateFileName="SEGOE_~1.TTF")) returned 1 [0211.193] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e151cb0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e151cb0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xf01f55a5, ftLastWriteTime.dwHighDateTime=0x1d5acdd, nFileSizeHigh=0x0, nFileSizeLow=0xbf60, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 1 [0211.194] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.195] FindClose (in: hFindFile=0x601180 | out: hFindFile=0x601180) returned 1 [0211.196] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.196] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.196] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.196] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts", lpFilePart=0x0) returned 0xd [0211.197] FindFirstFileW (in: lpFileName="C:\\Boot\\Fonts\\*" (normalized: "c:\\boot\\fonts\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dc66fa9, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x1244a5bb, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3e151cb0, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.198] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dc66fa9, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x1244a5bb, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3e151cb0, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.199] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dc66fa9, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3ddbef0f, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xc7b8888, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x3864d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="chs_boot.ttf", cAlternateFileName="")) returned 1 [0211.199] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dde51f6, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3def03f0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xc7b8888, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x3b2da5, dwReserved0=0x0, dwReserved1=0x0, cFileName="cht_boot.ttf", cAlternateFileName="")) returned 1 [0211.199] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3def03f0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3df62a11, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xc7b8888, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x1e4ce7, dwReserved0=0x0, dwReserved1=0x0, cFileName="jpn_boot.ttf", cAlternateFileName="")) returned 1 [0211.199] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3df62a11, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e046f83, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xc803880, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x243524, dwReserved0=0x0, dwReserved1=0x0, cFileName="kor_boot.ttf", cAlternateFileName="")) returned 1 [0211.199] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e046f83, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e06d0d0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xc803880, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x2ad45, dwReserved0=0x0, dwReserved1=0x0, cFileName="malgunn_boot.ttf", cAlternateFileName="MALGUN~1.TTF")) returned 1 [0211.199] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e06d0d0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e06d0d0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xc803880, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x2b6e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="malgun_boot.ttf", cAlternateFileName="MALGUN~2.TTF")) returned 1 [0211.200] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e0930de, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e0930de, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xc7b8888, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x23291, dwReserved0=0x0, dwReserved1=0x0, cFileName="meiryon_boot.ttf", cAlternateFileName="MEIRYO~1.TTF")) returned 1 [0211.200] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e0930de, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e0b94ca, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xc7b8888, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x23914, dwReserved0=0x0, dwReserved1=0x0, cFileName="meiryo_boot.ttf", cAlternateFileName="MEIRYO~2.TTF")) returned 1 [0211.200] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e0b94ca, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e0df864, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xc7b8888, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x27ea8, dwReserved0=0x0, dwReserved1=0x0, cFileName="msjhn_boot.ttf", cAlternateFileName="MSJHN_~1.TTF")) returned 1 [0211.200] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e0df864, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e0df864, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xc7b8888, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x28694, dwReserved0=0x0, dwReserved1=0x0, cFileName="msjh_boot.ttf", cAlternateFileName="MSJH_B~1.TTF")) returned 1 [0211.200] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e105a21, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e105a21, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xc7b8888, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x25f2e, dwReserved0=0x0, dwReserved1=0x0, cFileName="msyhn_boot.ttf", cAlternateFileName="MSYHN_~1.TTF")) returned 1 [0211.200] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e105a21, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e12bc6f, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xc7b8888, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x26588, dwReserved0=0x0, dwReserved1=0x0, cFileName="msyh_boot.ttf", cAlternateFileName="MSYH_B~1.TTF")) returned 1 [0211.200] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e12bc6f, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e12bc6f, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xf01f55a5, ftLastWriteTime.dwHighDateTime=0x1d5acdd, nFileSizeHigh=0x0, nFileSizeLow=0xaed8, dwReserved0=0x0, dwReserved1=0x0, cFileName="segmono_boot.ttf", cAlternateFileName="SEGMON~1.TTF")) returned 1 [0211.200] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e12bc6f, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e12bc6f, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xf01f55a5, ftLastWriteTime.dwHighDateTime=0x1d5acdd, nFileSizeHigh=0x0, nFileSizeLow=0x14f04, dwReserved0=0x0, dwReserved1=0x0, cFileName="segoen_slboot.ttf", cAlternateFileName="SEGOEN~1.TTF")) returned 1 [0211.200] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e151cb0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e151cb0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xf01f55a5, ftLastWriteTime.dwHighDateTime=0x1d5acdd, nFileSizeHigh=0x0, nFileSizeLow=0x1503d, dwReserved0=0x0, dwReserved1=0x0, cFileName="segoe_slboot.ttf", cAlternateFileName="SEGOE_~1.TTF")) returned 1 [0211.200] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e151cb0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e151cb0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xf01f55a5, ftLastWriteTime.dwHighDateTime=0x1d5acdd, nFileSizeHigh=0x0, nFileSizeLow=0xbf60, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 1 [0211.200] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e151cb0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e151cb0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xf01f55a5, ftLastWriteTime.dwHighDateTime=0x1d5acdd, nFileSizeHigh=0x0, nFileSizeLow=0xbf60, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 0 [0211.200] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.201] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.201] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.201] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.202] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-CA", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-CA", lpFilePart=0x0) returned 0xd [0211.202] FindFirstFileW (in: lpFileName="C:\\Boot\\fr-CA\\*.*" (normalized: "c:\\boot\\fr-ca\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8d387c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8d387c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8d387c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601a80 [0211.203] FindNextFileW (in: hFindFile=0x601a80, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8d387c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8d387c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8d387c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.203] FindNextFileW (in: hFindFile=0x601a80, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8d387c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8d387c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x14338, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.204] FindNextFileW (in: hFindFile=0x601a80, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.204] FindClose (in: hFindFile=0x601a80 | out: hFindFile=0x601a80) returned 1 [0211.204] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.204] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.204] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.204] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-CA", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-CA", lpFilePart=0x0) returned 0xd [0211.205] FindFirstFileW (in: lpFileName="C:\\Boot\\fr-CA\\*" (normalized: "c:\\boot\\fr-ca\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8d387c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x1244a5bb, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d8d387c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601420 [0211.205] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8d387c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x1244a5bb, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d8d387c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.205] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8d387c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8d387c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x14338, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.205] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8d387c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8d387c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x14338, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0211.205] FindClose (in: hFindFile=0x601420 | out: hFindFile=0x601420) returned 1 [0211.206] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.206] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.206] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.206] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR", lpFilePart=0x0) returned 0xd [0211.206] FindFirstFileW (in: lpFileName="C:\\Boot\\fr-FR\\*.*" (normalized: "c:\\boot\\fr-fr\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8d387c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8fa22d, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8d387c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601780 [0211.206] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8d387c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8fa22d, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8d387c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.207] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8d387c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8d387c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x14538, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.208] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8d387c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8fa22d, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb338, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.229] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.229] FindClose (in: hFindFile=0x601780 | out: hFindFile=0x601780) returned 1 [0211.229] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.229] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.229] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.229] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR", lpFilePart=0x0) returned 0xd [0211.230] FindFirstFileW (in: lpFileName="C:\\Boot\\fr-FR\\*" (normalized: "c:\\boot\\fr-fr\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8d387c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x12496b24, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d8d387c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601060 [0211.230] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8d387c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x12496b24, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d8d387c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.230] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8d387c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8d387c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x14538, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.230] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8d387c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8fa22d, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb338, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.230] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8d387c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8fa22d, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb338, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0211.231] FindClose (in: hFindFile=0x601060 | out: hFindFile=0x601060) returned 1 [0211.231] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.231] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.231] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.231] GetFullPathNameW (in: lpFileName="C:\\Boot\\hr-HR", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hr-HR", lpFilePart=0x0) returned 0xd [0211.232] FindFirstFileW (in: lpFileName="C:\\Boot\\hr-HR\\*.*" (normalized: "c:\\boot\\hr-hr\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8fa22d, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8fa22d, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8fa22d, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6014e0 [0211.233] FindNextFileW (in: hFindFile=0x6014e0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8fa22d, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8fa22d, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d8fa22d, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.233] FindNextFileW (in: hFindFile=0x6014e0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8fa22d, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8fa22d, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13938, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.234] FindNextFileW (in: hFindFile=0x6014e0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.234] FindClose (in: hFindFile=0x6014e0 | out: hFindFile=0x6014e0) returned 1 [0211.235] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.235] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.235] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.235] GetFullPathNameW (in: lpFileName="C:\\Boot\\hr-HR", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hr-HR", lpFilePart=0x0) returned 0xd [0211.235] FindFirstFileW (in: lpFileName="C:\\Boot\\hr-HR\\*" (normalized: "c:\\boot\\hr-hr\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8fa22d, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x12496b24, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d8fa22d, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601840 [0211.236] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8fa22d, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x12496b24, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d8fa22d, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.236] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8fa22d, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8fa22d, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13938, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.236] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d8fa22d, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d8fa22d, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13938, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0211.236] FindClose (in: hFindFile=0x601840 | out: hFindFile=0x601840) returned 1 [0211.236] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.236] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.236] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.236] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU", lpFilePart=0x0) returned 0xd [0211.237] FindFirstFileW (in: lpFileName="C:\\Boot\\hu-HU\\*.*" (normalized: "c:\\boot\\hu-hu\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8fa22d, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d946345, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d946345, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0211.237] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8fa22d, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d946345, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d946345, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.237] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d9202fa, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9202fa, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x14538, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.239] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d946345, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d946345, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb410, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.240] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.241] FindClose (in: hFindFile=0x601360 | out: hFindFile=0x601360) returned 1 [0211.241] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.241] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.241] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.241] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU", lpFilePart=0x0) returned 0xd [0211.242] FindFirstFileW (in: lpFileName="C:\\Boot\\hu-HU\\*" (normalized: "c:\\boot\\hu-hu\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8fa22d, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x12496b24, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d946345, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6017e0 [0211.242] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d8fa22d, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x12496b24, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d946345, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.242] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d9202fa, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9202fa, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x14538, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.242] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d946345, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d946345, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb410, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.243] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d946345, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d946345, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb410, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0211.243] FindClose (in: hFindFile=0x6017e0 | out: hFindFile=0x6017e0) returned 1 [0211.243] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.243] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.243] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.243] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT", lpFilePart=0x0) returned 0xd [0211.244] FindFirstFileW (in: lpFileName="C:\\Boot\\it-IT\\*.*" (normalized: "c:\\boot\\it-it\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d946345, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d96c738, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d96c738, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601900 [0211.244] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d946345, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d96c738, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d96c738, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.244] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d946345, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d946345, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13b38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.245] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d96c738, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d96c738, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb210, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.247] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.247] FindClose (in: hFindFile=0x601900 | out: hFindFile=0x601900) returned 1 [0211.247] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.247] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.247] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.247] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT", lpFilePart=0x0) returned 0xd [0211.248] FindFirstFileW (in: lpFileName="C:\\Boot\\it-IT\\*" (normalized: "c:\\boot\\it-it\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d946345, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x124bce82, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d96c738, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0211.248] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d946345, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x124bce82, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d96c738, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.248] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d946345, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d946345, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13b38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.248] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d96c738, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d96c738, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb210, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.248] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d96c738, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d96c738, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb210, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0211.248] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0211.248] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.248] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.248] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.248] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP", lpFilePart=0x0) returned 0xd [0211.249] FindFirstFileW (in: lpFileName="C:\\Boot\\ja-JP\\*.*" (normalized: "c:\\boot\\ja-jp\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d96c738, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9927c8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d9927c8, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.249] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d96c738, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9927c8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d9927c8, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.249] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d9927c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9927c8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x10f38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.250] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d9927c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9927c8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xa738, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.251] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.252] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.252] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.252] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.252] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.252] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP", lpFilePart=0x0) returned 0xd [0211.252] FindFirstFileW (in: lpFileName="C:\\Boot\\ja-JP\\*" (normalized: "c:\\boot\\ja-jp\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d96c738, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x124bce82, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d9927c8, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601180 [0211.253] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d96c738, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x124bce82, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d9927c8, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.253] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d9927c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9927c8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x10f38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.253] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d9927c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9927c8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xa738, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.253] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d9927c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9927c8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xa738, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0211.253] FindClose (in: hFindFile=0x601180 | out: hFindFile=0x601180) returned 1 [0211.253] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.253] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.253] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.253] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR", lpFilePart=0x0) returned 0xd [0211.254] FindFirstFileW (in: lpFileName="C:\\Boot\\ko-KR\\*.*" (normalized: "c:\\boot\\ko-kr\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d9927c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9b8db8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d9927c8, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601180 [0211.254] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d9927c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9b8db8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d9927c8, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.255] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d9927c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9927c8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x10d38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.256] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d9927c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9927c8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xa808, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.258] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.258] FindClose (in: hFindFile=0x601180 | out: hFindFile=0x601180) returned 1 [0211.258] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.258] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.258] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.258] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR", lpFilePart=0x0) returned 0xd [0211.259] FindFirstFileW (in: lpFileName="C:\\Boot\\ko-KR\\*" (normalized: "c:\\boot\\ko-kr\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d9927c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x124e2eab, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d9927c8, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6011e0 [0211.259] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d9927c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x124e2eab, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d9927c8, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.259] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d9927c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9927c8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x10d38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.259] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d9927c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9927c8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xa808, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.259] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d9927c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9927c8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xa808, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0211.259] FindClose (in: hFindFile=0x6011e0 | out: hFindFile=0x6011e0) returned 1 [0211.260] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.260] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.260] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.260] GetFullPathNameW (in: lpFileName="C:\\Boot\\lt-LT", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\lt-LT", lpFilePart=0x0) returned 0xd [0211.261] FindFirstFileW (in: lpFileName="C:\\Boot\\lt-LT\\*.*" (normalized: "c:\\boot\\lt-lt\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d9b8db8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9b8db8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d9b8db8, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601720 [0211.261] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d9b8db8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9b8db8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d9b8db8, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.261] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d9b8db8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9b8db8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13538, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.262] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.262] FindClose (in: hFindFile=0x601720 | out: hFindFile=0x601720) returned 1 [0211.263] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.263] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.263] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.263] GetFullPathNameW (in: lpFileName="C:\\Boot\\lt-LT", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\lt-LT", lpFilePart=0x0) returned 0xd [0211.263] FindFirstFileW (in: lpFileName="C:\\Boot\\lt-LT\\*" (normalized: "c:\\boot\\lt-lt\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d9b8db8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x124e2eab, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d9b8db8, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601420 [0211.264] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d9b8db8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x124e2eab, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d9b8db8, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.264] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d9b8db8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9b8db8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13538, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.264] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d9b8db8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9b8db8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13538, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0211.264] FindClose (in: hFindFile=0x601420 | out: hFindFile=0x601420) returned 1 [0211.264] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.264] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.264] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.264] GetFullPathNameW (in: lpFileName="C:\\Boot\\lv-LV", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\lv-LV", lpFilePart=0x0) returned 0xd [0211.265] FindFirstFileW (in: lpFileName="C:\\Boot\\lv-LV\\*.*" (normalized: "c:\\boot\\lv-lv\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d9b8db8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9df11d, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d9df11d, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6019c0 [0211.265] FindNextFileW (in: hFindFile=0x6019c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d9b8db8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9df11d, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3d9df11d, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.265] FindNextFileW (in: hFindFile=0x6019c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d9df11d, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9df11d, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13538, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.266] FindNextFileW (in: hFindFile=0x6019c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.266] FindClose (in: hFindFile=0x6019c0 | out: hFindFile=0x6019c0) returned 1 [0211.266] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.266] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.267] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.267] GetFullPathNameW (in: lpFileName="C:\\Boot\\lv-LV", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\lv-LV", lpFilePart=0x0) returned 0xd [0211.267] FindFirstFileW (in: lpFileName="C:\\Boot\\lv-LV\\*" (normalized: "c:\\boot\\lv-lv\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d9b8db8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x124e2eab, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d9df11d, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.267] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d9b8db8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x124e2eab, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3d9df11d, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.267] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d9df11d, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9df11d, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13538, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.268] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d9df11d, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3d9df11d, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13538, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0211.268] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.268] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.268] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.268] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.268] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO", lpFilePart=0x0) returned 0xd [0211.269] FindFirstFileW (in: lpFileName="C:\\Boot\\nb-NO\\*.*" (normalized: "c:\\boot\\nb-no\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da2b4a2, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da517bb, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3da517bb, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6012a0 [0211.269] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da2b4a2, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da517bb, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3da517bb, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.269] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3da2b4a2, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da2b4a2, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13338, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.270] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3da517bb, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da517bb, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb138, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.271] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.271] FindClose (in: hFindFile=0x6012a0 | out: hFindFile=0x6012a0) returned 1 [0211.272] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.272] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.272] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.272] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO", lpFilePart=0x0) returned 0xd [0211.273] FindFirstFileW (in: lpFileName="C:\\Boot\\nb-NO\\*" (normalized: "c:\\boot\\nb-no\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da2b4a2, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x124e2eab, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3da517bb, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.273] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da2b4a2, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x124e2eab, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3da517bb, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.273] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3da2b4a2, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da2b4a2, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13338, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.273] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3da517bb, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da517bb, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb138, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.273] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3da517bb, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da517bb, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb138, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0211.273] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.273] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.273] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.274] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.274] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL", lpFilePart=0x0) returned 0xd [0211.274] FindFirstFileW (in: lpFileName="C:\\Boot\\nl-NL\\*.*" (normalized: "c:\\boot\\nl-nl\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da517bb, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da517bb, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3da517bb, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6011e0 [0211.274] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da517bb, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da517bb, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3da517bb, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.275] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3da517bb, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da517bb, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13d38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.276] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3da517bb, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da517bb, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb138, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.277] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.277] FindClose (in: hFindFile=0x6011e0 | out: hFindFile=0x6011e0) returned 1 [0211.277] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.277] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.277] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.277] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL", lpFilePart=0x0) returned 0xd [0211.278] FindFirstFileW (in: lpFileName="C:\\Boot\\nl-NL\\*" (normalized: "c:\\boot\\nl-nl\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da517bb, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x125092f0, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3da517bb, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601900 [0211.279] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da517bb, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x125092f0, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3da517bb, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.279] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3da517bb, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da517bb, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13d38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.279] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3da517bb, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da517bb, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb138, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.279] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3da517bb, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da517bb, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb138, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0211.279] FindClose (in: hFindFile=0x601900 | out: hFindFile=0x601900) returned 1 [0211.279] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.279] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.279] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.279] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL", lpFilePart=0x0) returned 0xd [0211.280] FindFirstFileW (in: lpFileName="C:\\Boot\\pl-PL\\*.*" (normalized: "c:\\boot\\pl-pl\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da517bb, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da776c8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3da776c8, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6015a0 [0211.280] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da517bb, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da776c8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3da776c8, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.280] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3da776c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da776c8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13f38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.281] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3da776c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da776c8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb338, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.282] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.282] FindClose (in: hFindFile=0x6015a0 | out: hFindFile=0x6015a0) returned 1 [0211.283] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.283] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.283] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.283] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL", lpFilePart=0x0) returned 0xd [0211.283] FindFirstFileW (in: lpFileName="C:\\Boot\\pl-PL\\*" (normalized: "c:\\boot\\pl-pl\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da517bb, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x125092f0, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3da776c8, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601060 [0211.283] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da517bb, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x125092f0, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3da776c8, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.283] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3da776c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da776c8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13f38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.284] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3da776c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da776c8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb338, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.284] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3da776c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da776c8, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb338, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0211.284] FindClose (in: hFindFile=0x601060 | out: hFindFile=0x601060) returned 1 [0211.284] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.284] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.284] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.284] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR", lpFilePart=0x0) returned 0xd [0211.284] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-BR\\*.*" (normalized: "c:\\boot\\pt-br\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da776c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da9d508, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3da9d508, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601720 [0211.285] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da776c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da9d508, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3da9d508, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.285] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3da776c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da9d508, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13938, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.286] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3da9d508, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da9d508, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb138, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.287] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.287] FindClose (in: hFindFile=0x601720 | out: hFindFile=0x601720) returned 1 [0211.288] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.288] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.288] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.288] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR", lpFilePart=0x0) returned 0xd [0211.288] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-BR\\*" (normalized: "c:\\boot\\pt-br\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da776c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x125092f0, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3da9d508, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601000 [0211.289] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da776c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x125092f0, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3da9d508, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.289] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3da776c8, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da9d508, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13938, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.289] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3da9d508, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da9d508, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb138, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.289] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3da9d508, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3da9d508, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb138, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0211.289] FindClose (in: hFindFile=0x601000 | out: hFindFile=0x601000) returned 1 [0211.289] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.289] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.289] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.289] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT", lpFilePart=0x0) returned 0xd [0211.289] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-PT\\*.*" (normalized: "c:\\boot\\pt-pt\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da9d508, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dae9cf3, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dae9cf3, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601180 [0211.290] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da9d508, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dae9cf3, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dae9cf3, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.290] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dac376a, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dac376a, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13938, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.291] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dae9cf3, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dae9cf3, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb338, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.292] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.292] FindClose (in: hFindFile=0x601180 | out: hFindFile=0x601180) returned 1 [0211.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.292] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.292] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT", lpFilePart=0x0) returned 0xd [0211.293] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-PT\\*" (normalized: "c:\\boot\\pt-pt\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da9d508, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x1252f437, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3dae9cf3, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601060 [0211.293] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da9d508, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x1252f437, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3dae9cf3, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.293] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dac376a, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dac376a, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13938, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.293] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dae9cf3, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dae9cf3, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb338, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.293] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dae9cf3, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dae9cf3, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb338, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0211.293] FindClose (in: hFindFile=0x601060 | out: hFindFile=0x601060) returned 1 [0211.293] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.293] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.294] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.294] GetFullPathNameW (in: lpFileName="C:\\Boot\\qps-ploc", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\qps-ploc", lpFilePart=0x0) returned 0x10 [0211.294] FindFirstFileW (in: lpFileName="C:\\Boot\\qps-ploc\\*.*" (normalized: "c:\\boot\\qps-ploc\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dae9cf3, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db10102, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3db10102, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601780 [0211.294] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dae9cf3, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db10102, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3db10102, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.295] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dae9cf3, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dae9cf3, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xf5fbdf0e, ftLastWriteTime.dwHighDateTime=0x1d61755, nFileSizeHigh=0x0, nFileSizeLow=0x15610, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.297] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3db10102, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db10102, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xd338, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.298] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.298] FindClose (in: hFindFile=0x601780 | out: hFindFile=0x601780) returned 1 [0211.299] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.299] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.299] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.299] GetFullPathNameW (in: lpFileName="C:\\Boot\\qps-ploc", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\qps-ploc", lpFilePart=0x0) returned 0x10 [0211.299] FindFirstFileW (in: lpFileName="C:\\Boot\\qps-ploc\\*" (normalized: "c:\\boot\\qps-ploc\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dae9cf3, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x1252f437, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3db10102, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600ca0 [0211.299] FindNextFileW (in: hFindFile=0x600ca0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dae9cf3, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x1252f437, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3db10102, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.299] FindNextFileW (in: hFindFile=0x600ca0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dae9cf3, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dae9cf3, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xf5fbdf0e, ftLastWriteTime.dwHighDateTime=0x1d61755, nFileSizeHigh=0x0, nFileSizeLow=0x15610, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.299] FindNextFileW (in: hFindFile=0x600ca0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3db10102, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db10102, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xd338, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.300] FindNextFileW (in: hFindFile=0x600ca0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3db10102, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db10102, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xd338, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0211.300] FindClose (in: hFindFile=0x600ca0 | out: hFindFile=0x600ca0) returned 1 [0211.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.301] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.301] GetFullPathNameW (in: lpFileName="C:\\Boot\\qps-plocm", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\qps-plocm", lpFilePart=0x0) returned 0x11 [0211.301] FindFirstFileW (in: lpFileName="C:\\Boot\\qps-plocm\\*.*" (normalized: "c:\\boot\\qps-plocm\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db10102, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db365c4, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3db365c4, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.302] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db10102, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db365c4, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3db365c4, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.302] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3db365c4, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db365c4, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13d38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.302] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.302] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.303] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.304] GetFullPathNameW (in: lpFileName="C:\\Boot\\qps-plocm", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\qps-plocm", lpFilePart=0x0) returned 0x11 [0211.304] FindFirstFileW (in: lpFileName="C:\\Boot\\qps-plocm\\*" (normalized: "c:\\boot\\qps-plocm\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db10102, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x1252f437, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3db365c4, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.304] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db10102, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x1252f437, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3db365c4, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.304] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3db365c4, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db365c4, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13d38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.304] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3db365c4, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db365c4, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13d38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0211.305] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.305] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.305] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.305] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.305] GetFullPathNameW (in: lpFileName="C:\\Boot\\Resources", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Resources", lpFilePart=0x0) returned 0x11 [0211.305] FindFirstFileW (in: lpFileName="C:\\Boot\\Resources\\*.*" (normalized: "c:\\boot\\resources\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e151cb0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e151cb0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3e151cb0, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600d60 [0211.306] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e151cb0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e151cb0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3e151cb0, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.306] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e151cb0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e151cb0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xf021b7c6, ftLastWriteTime.dwHighDateTime=0x1d5acdd, nFileSizeHigh=0x0, nFileSizeLow=0x16938, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootres.dll", cAlternateFileName="")) returned 1 [0211.306] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e151cb0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e151cb0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3e151cb0, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0211.306] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e151cb0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e151cb0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3e151cb0, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0 [0211.306] FindClose (in: hFindFile=0x600d60 | out: hFindFile=0x600d60) returned 1 [0211.306] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.306] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.306] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.306] GetFullPathNameW (in: lpFileName="C:\\Boot\\Resources", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Resources", lpFilePart=0x0) returned 0x11 [0211.307] FindFirstFileW (in: lpFileName="C:\\Boot\\Resources\\*" (normalized: "c:\\boot\\resources\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e151cb0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x12555852, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3e151cb0, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601720 [0211.307] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e151cb0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x12555852, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3e151cb0, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.307] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e151cb0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e151cb0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xf021b7c6, ftLastWriteTime.dwHighDateTime=0x1d5acdd, nFileSizeHigh=0x0, nFileSizeLow=0x16938, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootres.dll", cAlternateFileName="")) returned 1 [0211.307] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e151cb0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e151cb0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3e151cb0, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0211.307] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.307] FindClose (in: hFindFile=0x601720 | out: hFindFile=0x601720) returned 1 [0211.307] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.307] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.307] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.307] GetFullPathNameW (in: lpFileName="C:\\Boot\\Resources\\en-US", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Resources\\en-US", lpFilePart=0x0) returned 0x17 [0211.308] FindFirstFileW (in: lpFileName="C:\\Boot\\Resources\\en-US\\*.*" (normalized: "c:\\boot\\resources\\en-us\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e151cb0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e151cb0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3e151cb0, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601900 [0211.308] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e151cb0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e151cb0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3e151cb0, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.308] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e151cb0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e151cb0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x994bd175, ftLastWriteTime.dwHighDateTime=0x1d5ace3, nFileSizeHigh=0x0, nFileSizeLow=0x3210, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootres.dll.mui", cAlternateFileName="BOOTRE~1.MUI")) returned 1 [0211.308] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.308] FindClose (in: hFindFile=0x601900 | out: hFindFile=0x601900) returned 1 [0211.308] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0211.308] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0211.309] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.309] GetFullPathNameW (in: lpFileName="C:\\Boot\\Resources\\en-US", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Resources\\en-US", lpFilePart=0x0) returned 0x17 [0211.309] FindFirstFileW (in: lpFileName="C:\\Boot\\Resources\\en-US\\*" (normalized: "c:\\boot\\resources\\en-us\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e151cb0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x12555852, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3e151cb0, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.309] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e151cb0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x12555852, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3e151cb0, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.309] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e151cb0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e151cb0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x994bd175, ftLastWriteTime.dwHighDateTime=0x1d5ace3, nFileSizeHigh=0x0, nFileSizeLow=0x3210, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootres.dll.mui", cAlternateFileName="BOOTRE~1.MUI")) returned 1 [0211.309] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e151cb0, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3e151cb0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x994bd175, ftLastWriteTime.dwHighDateTime=0x1d5ace3, nFileSizeHigh=0x0, nFileSizeLow=0x3210, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootres.dll.mui", cAlternateFileName="BOOTRE~1.MUI")) returned 0 [0211.309] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.310] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0211.310] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0211.310] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.310] GetFullPathNameW (in: lpFileName="C:\\Boot\\ro-RO", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ro-RO", lpFilePart=0x0) returned 0xd [0211.310] FindFirstFileW (in: lpFileName="C:\\Boot\\ro-RO\\*.*" (normalized: "c:\\boot\\ro-ro\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db365c4, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db5c825, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3db365c4, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6014e0 [0211.310] FindNextFileW (in: hFindFile=0x6014e0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db365c4, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db5c825, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3db365c4, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.311] FindNextFileW (in: hFindFile=0x6014e0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3db365c4, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db5c825, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13738, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.311] FindNextFileW (in: hFindFile=0x6014e0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.311] FindClose (in: hFindFile=0x6014e0 | out: hFindFile=0x6014e0) returned 1 [0211.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.311] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.311] GetFullPathNameW (in: lpFileName="C:\\Boot\\ro-RO", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ro-RO", lpFilePart=0x0) returned 0xd [0211.311] FindFirstFileW (in: lpFileName="C:\\Boot\\ro-RO\\*" (normalized: "c:\\boot\\ro-ro\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db365c4, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x12555852, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3db365c4, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.312] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db365c4, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x12555852, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3db365c4, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.312] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3db365c4, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db5c825, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13738, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.312] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3db365c4, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db5c825, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13738, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0211.312] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.312] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.312] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.312] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.312] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU", lpFilePart=0x0) returned 0xd [0211.313] FindFirstFileW (in: lpFileName="C:\\Boot\\ru-RU\\*.*" (normalized: "c:\\boot\\ru-ru\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db5c825, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db8296c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3db5c825, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6016c0 [0211.313] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db5c825, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db8296c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3db5c825, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.313] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3db5c825, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db5c825, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13b38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.313] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3db5c825, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db5c825, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xaf38, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.313] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.313] FindClose (in: hFindFile=0x6016c0 | out: hFindFile=0x6016c0) returned 1 [0211.313] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.313] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.313] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.314] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU", lpFilePart=0x0) returned 0xd [0211.314] FindFirstFileW (in: lpFileName="C:\\Boot\\ru-RU\\*" (normalized: "c:\\boot\\ru-ru\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db5c825, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x12555852, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3db5c825, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6015a0 [0211.314] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db5c825, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x12555852, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3db5c825, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.314] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3db5c825, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db5c825, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13b38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.314] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3db5c825, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db5c825, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xaf38, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.315] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3db5c825, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db5c825, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xaf38, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0211.315] FindClose (in: hFindFile=0x6015a0 | out: hFindFile=0x6015a0) returned 1 [0211.315] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.315] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.315] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.315] GetFullPathNameW (in: lpFileName="C:\\Boot\\sk-SK", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sk-SK", lpFilePart=0x0) returned 0xd [0211.315] FindFirstFileW (in: lpFileName="C:\\Boot\\sk-SK\\*.*" (normalized: "c:\\boot\\sk-sk\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db8296c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db8296c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3db8296c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601a80 [0211.316] FindNextFileW (in: hFindFile=0x601a80, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db8296c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db8296c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3db8296c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.316] FindNextFileW (in: hFindFile=0x601a80, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3db8296c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db8296c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13b38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.316] FindNextFileW (in: hFindFile=0x601a80, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.316] FindClose (in: hFindFile=0x601a80 | out: hFindFile=0x601a80) returned 1 [0211.316] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.316] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.316] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.316] GetFullPathNameW (in: lpFileName="C:\\Boot\\sk-SK", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sk-SK", lpFilePart=0x0) returned 0xd [0211.316] FindFirstFileW (in: lpFileName="C:\\Boot\\sk-SK\\*" (normalized: "c:\\boot\\sk-sk\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db8296c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x12555852, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3db8296c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600d60 [0211.317] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db8296c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x12555852, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3db8296c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.317] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3db8296c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db8296c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13b38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.317] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3db8296c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db8296c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13b38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0211.317] FindClose (in: hFindFile=0x600d60 | out: hFindFile=0x600d60) returned 1 [0211.317] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.317] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.317] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.317] GetFullPathNameW (in: lpFileName="C:\\Boot\\sl-SI", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sl-SI", lpFilePart=0x0) returned 0xd [0211.317] FindFirstFileW (in: lpFileName="C:\\Boot\\sl-SI\\*.*" (normalized: "c:\\boot\\sl-si\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db8296c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db8296c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3db8296c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6014e0 [0211.318] FindNextFileW (in: hFindFile=0x6014e0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db8296c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db8296c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3db8296c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.318] FindNextFileW (in: hFindFile=0x6014e0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3db8296c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db8296c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13738, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.318] FindNextFileW (in: hFindFile=0x6014e0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.318] FindClose (in: hFindFile=0x6014e0 | out: hFindFile=0x6014e0) returned 1 [0211.318] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.318] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.318] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.318] GetFullPathNameW (in: lpFileName="C:\\Boot\\sl-SI", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sl-SI", lpFilePart=0x0) returned 0xd [0211.320] FindFirstFileW (in: lpFileName="C:\\Boot\\sl-SI\\*" (normalized: "c:\\boot\\sl-si\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db8296c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x12555852, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3db8296c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600b80 [0211.320] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db8296c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x12555852, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3db8296c, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.320] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3db8296c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db8296c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13738, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.321] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3db8296c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3db8296c, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13738, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0211.321] FindClose (in: hFindFile=0x600b80 | out: hFindFile=0x600b80) returned 1 [0211.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.321] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.321] GetFullPathNameW (in: lpFileName="C:\\Boot\\sr-Latn-RS", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sr-Latn-RS", lpFilePart=0x0) returned 0x12 [0211.321] FindFirstFileW (in: lpFileName="C:\\Boot\\sr-Latn-RS\\*.*" (normalized: "c:\\boot\\sr-latn-rs\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db8296c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dba885e, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dba885e, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6016c0 [0211.322] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db8296c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dba885e, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dba885e, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.322] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dba885e, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dba885e, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13b38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.322] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.322] FindClose (in: hFindFile=0x6016c0 | out: hFindFile=0x6016c0) returned 1 [0211.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.322] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.322] GetFullPathNameW (in: lpFileName="C:\\Boot\\sr-Latn-RS", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sr-Latn-RS", lpFilePart=0x0) returned 0x12 [0211.322] FindFirstFileW (in: lpFileName="C:\\Boot\\sr-Latn-RS\\*" (normalized: "c:\\boot\\sr-latn-rs\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db8296c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x1257b86d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3dba885e, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600d60 [0211.323] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3db8296c, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x1257b86d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3dba885e, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.323] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dba885e, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dba885e, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13b38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.323] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dba885e, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dba885e, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13b38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0211.323] FindClose (in: hFindFile=0x600d60 | out: hFindFile=0x600d60) returned 1 [0211.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.323] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.323] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE", lpFilePart=0x0) returned 0xd [0211.324] FindFirstFileW (in: lpFileName="C:\\Boot\\sv-SE\\*.*" (normalized: "c:\\boot\\sv-se\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dba885e, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dba885e, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dba885e, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601000 [0211.324] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dba885e, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dba885e, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dba885e, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.324] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dba885e, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dba885e, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13738, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.324] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dba885e, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dba885e, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xaf38, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.324] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.324] FindClose (in: hFindFile=0x601000 | out: hFindFile=0x601000) returned 1 [0211.325] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.325] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.325] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.325] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE", lpFilePart=0x0) returned 0xd [0211.325] FindFirstFileW (in: lpFileName="C:\\Boot\\sv-SE\\*" (normalized: "c:\\boot\\sv-se\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dba885e, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x1257b86d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3dba885e, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601420 [0211.325] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dba885e, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x1257b86d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3dba885e, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.325] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dba885e, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dba885e, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13738, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.325] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dba885e, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dba885e, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xaf38, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.325] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dba885e, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dba885e, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xaf38, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0211.326] FindClose (in: hFindFile=0x601420 | out: hFindFile=0x601420) returned 1 [0211.326] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.326] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.326] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.326] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR", lpFilePart=0x0) returned 0xd [0211.326] FindFirstFileW (in: lpFileName="C:\\Boot\\tr-TR\\*.*" (normalized: "c:\\boot\\tr-tr\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dba885e, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dbce947, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dbce947, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601a20 [0211.326] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dba885e, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dbce947, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dbce947, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.326] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dba885e, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dbce947, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13538, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.327] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dbce947, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dbce947, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb138, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.327] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.327] FindClose (in: hFindFile=0x601a20 | out: hFindFile=0x601a20) returned 1 [0211.327] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.327] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.327] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.327] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR", lpFilePart=0x0) returned 0xd [0211.328] FindFirstFileW (in: lpFileName="C:\\Boot\\tr-TR\\*" (normalized: "c:\\boot\\tr-tr\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dba885e, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x1257b86d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3dbce947, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0211.328] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dba885e, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x1257b86d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3dbce947, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.328] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dba885e, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dbce947, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13538, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.328] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dbce947, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dbce947, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb138, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.328] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dbce947, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dbce947, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d5c985, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xb138, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0211.328] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0211.328] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.328] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.328] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.328] GetFullPathNameW (in: lpFileName="C:\\Boot\\uk-UA", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\uk-UA", lpFilePart=0x0) returned 0xd [0211.328] FindFirstFileW (in: lpFileName="C:\\Boot\\uk-UA\\*.*" (normalized: "c:\\boot\\uk-ua\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dbce947, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dbce947, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dbce947, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6018a0 [0211.329] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dbce947, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dbce947, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dbce947, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.329] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dbce947, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dbce947, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13938, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.329] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.329] FindClose (in: hFindFile=0x6018a0 | out: hFindFile=0x6018a0) returned 1 [0211.329] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.329] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.329] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.329] GetFullPathNameW (in: lpFileName="C:\\Boot\\uk-UA", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\uk-UA", lpFilePart=0x0) returned 0xd [0211.330] FindFirstFileW (in: lpFileName="C:\\Boot\\uk-UA\\*" (normalized: "c:\\boot\\uk-ua\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dbce947, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x1257b86d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3dbce947, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6015a0 [0211.330] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dbce947, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x1257b86d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3dbce947, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.330] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dbce947, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dbce947, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13938, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.330] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dbce947, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dbce947, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x13938, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0211.330] FindClose (in: hFindFile=0x6015a0 | out: hFindFile=0x6015a0) returned 1 [0211.330] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.330] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.330] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.330] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN", lpFilePart=0x0) returned 0xd [0211.331] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-CN\\*.*" (normalized: "c:\\boot\\zh-cn\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dbce947, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dc4150a, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dc4150a, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.331] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dbce947, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dc4150a, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dc4150a, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.331] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dbce947, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dbf4bcf, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xfd38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.331] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dc4150a, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dc4150a, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xa538, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.331] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.331] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.331] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.331] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.331] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.331] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN", lpFilePart=0x0) returned 0xd [0211.332] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-CN\\*" (normalized: "c:\\boot\\zh-cn\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dbce947, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x1257b86d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3dc4150a, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0211.332] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dbce947, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x1257b86d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3dc4150a, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.332] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dbce947, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dbf4bcf, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xfd38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.332] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dc4150a, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dc4150a, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xa538, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.332] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dc4150a, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dc4150a, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xa538, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0211.332] FindClose (in: hFindFile=0x601360 | out: hFindFile=0x601360) returned 1 [0211.332] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.332] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.332] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.332] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW", lpFilePart=0x0) returned 0xd [0211.333] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-TW\\*.*" (normalized: "c:\\boot\\zh-tw\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dc4150a, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dc4150a, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dc4150a, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6012a0 [0211.333] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dc4150a, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dc4150a, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3dc4150a, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.333] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dc4150a, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dc4150a, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xfd38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.333] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dc4150a, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dc4150a, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xa538, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.333] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.333] FindClose (in: hFindFile=0x6012a0 | out: hFindFile=0x6012a0) returned 1 [0211.333] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.333] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.333] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.333] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW", lpFilePart=0x0) returned 0xd [0211.334] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-TW\\*" (normalized: "c:\\boot\\zh-tw\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dc4150a, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x1257b86d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3dc4150a, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6018a0 [0211.334] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dc4150a, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x1257b86d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3dc4150a, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.334] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dc4150a, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dc4150a, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d0f108, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xfd38, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0211.334] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dc4150a, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dc4150a, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xa538, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0211.334] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dc4150a, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x3dc4150a, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x7d3512f, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xa538, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0211.334] FindClose (in: hFindFile=0x6018a0 | out: hFindFile=0x6018a0) returned 1 [0211.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.335] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf188) returned 1 [0211.335] GetFullPathNameW (in: lpFileName="C:\\Documents and Settings", nBufferLength=0x105, lpBuffer=0x1abcec30, lpFilePart=0x0 | out: lpBuffer="C:\\Documents and Settings", lpFilePart=0x0) returned 0x19 [0211.335] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\*.*" (normalized: "c:\\documents and settings\\*.*"), lpFindFileData=0x1abcef30 | out: lpFindFileData=0x1abcef30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0211.336] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee58) returned 1 [0211.382] EtwEventRegister () returned 0x0 [0211.388] EtwEventSetInformation () returned 0x0 [0211.439] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf188) returned 1 [0211.440] GetFullPathNameW (in: lpFileName="C:\\PerfLogs", nBufferLength=0x105, lpBuffer=0x1abcec30, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs", lpFilePart=0x0) returned 0xb [0211.440] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\*.*" (normalized: "c:\\perflogs\\*.*"), lpFindFileData=0x1abcef30 | out: lpFindFileData=0x1abcef30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc85bcc7b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc85bcc7b, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc85bcc7b, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601060 [0211.441] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc85bcc7b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc85bcc7b, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc85bcc7b, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.441] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc85bcc7b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc85bcc7b, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc85bcc7b, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.441] FindClose (in: hFindFile=0x601060 | out: hFindFile=0x601060) returned 1 [0211.441] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef18) returned 1 [0211.441] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf168) returned 1 [0211.441] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf188) returned 1 [0211.441] GetFullPathNameW (in: lpFileName="C:\\PerfLogs", nBufferLength=0x105, lpBuffer=0x1abcec30, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs", lpFilePart=0x0) returned 0xb [0211.442] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\*" (normalized: "c:\\perflogs\\*"), lpFindFileData=0x1abcef30 | out: lpFindFileData=0x1abcef30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc85bcc7b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x126865fb, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc85bcc7b, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601060 [0211.442] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc85bcc7b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x126865fb, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc85bcc7b, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.442] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc85bcc7b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x126865fb, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc85bcc7b, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.442] FindClose (in: hFindFile=0x601060 | out: hFindFile=0x601060) returned 1 [0211.442] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee88) returned 1 [0211.442] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf0a8) returned 1 [0211.443] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf188) returned 1 [0211.443] GetFullPathNameW (in: lpFileName="C:\\ProgramData", nBufferLength=0x105, lpBuffer=0x1abcec30, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData", lpFilePart=0x0) returned 0xe [0211.443] FindFirstFileW (in: lpFileName="C:\\ProgramData\\*.*" (normalized: "c:\\programdata\\*.*"), lpFindFileData=0x1abcef30 | out: lpFindFileData=0x1abcef30*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x9ac223c7, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0xc302aae4, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.443] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x9ac223c7, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0xc302aae4, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.444] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf9ca22c7, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xf9cc8690, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xf9cc8690, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0211.444] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x811c5204, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x811c5204, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x811c5204, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0211.444] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x8119ee6b, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x8119ee6b, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x8119ee6b, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0211.445] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x8119ee6b, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x8119ee6b, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x8119ee6b, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0211.445] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x81a7b47b, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x2b5c5210, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0211.445] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe3360f38, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0xe3360f38, ftLastAccessTime.dwHighDateTime=0x1d94211, ftLastWriteTime.dwLowDateTime=0xe3360f38, ftLastWriteTime.dwHighDateTime=0x1d94211, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft OneDrive", cAlternateFileName="MICROS~2")) returned 1 [0211.445] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc8f37ad9, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54cf01b, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54cf01b, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Package Cache", cAlternateFileName="PACKAG~1")) returned 1 [0211.445] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x61503b66, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x732d3946, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x732d3946, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Packages", cAlternateFileName="")) returned 1 [0211.445] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x330c4fa5, ftLastAccessTime.dwHighDateTime=0x1d9b55e, ftLastWriteTime.dwLowDateTime=0x330c4fa5, ftLastWriteTime.dwHighDateTime=0x1d9b55e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="regid.1991-06.com.microsoft", cAlternateFileName="")) returned 1 [0211.445] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc86967d2, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SoftwareDistribution", cAlternateFileName="")) returned 1 [0211.445] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fded3d9, ftCreationTime.dwHighDateTime=0x1d61756, ftLastAccessTime.dwLowDateTime=0x3fded3d9, ftLastAccessTime.dwHighDateTime=0x1d61756, ftLastWriteTime.dwLowDateTime=0x3fded3d9, ftLastWriteTime.dwHighDateTime=0x1d61756, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ssh", cAlternateFileName="")) returned 1 [0211.445] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x811c5204, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x811c5204, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x811c5204, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0211.445] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x811c5204, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x811c5204, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x811c5204, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0211.445] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x9da3e264, ftLastAccessTime.dwHighDateTime=0x1d9429b, ftLastWriteTime.dwLowDateTime=0x9da3e264, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="USOPrivate", cAlternateFileName="")) returned 1 [0211.445] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc86967d2, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="USOShared", cAlternateFileName="")) returned 1 [0211.445] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d6a498, ftCreationTime.dwHighDateTime=0x1d5ace4, ftLastAccessTime.dwLowDateTime=0x6d6a498, ftLastAccessTime.dwHighDateTime=0x1d5ace4, ftLastWriteTime.dwLowDateTime=0x6d6a498, ftLastWriteTime.dwHighDateTime=0x1d5ace4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WindowsHolographicDevices", cAlternateFileName="WINDOW~1")) returned 1 [0211.445] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d6a498, ftCreationTime.dwHighDateTime=0x1d5ace4, ftLastAccessTime.dwLowDateTime=0x6d6a498, ftLastAccessTime.dwHighDateTime=0x1d5ace4, ftLastWriteTime.dwLowDateTime=0x6d6a498, ftLastWriteTime.dwHighDateTime=0x1d5ace4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WindowsHolographicDevices", cAlternateFileName="WINDOW~1")) returned 0 [0211.446] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.446] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef18) returned 1 [0211.446] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf168) returned 1 [0211.446] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf188) returned 1 [0211.446] GetFullPathNameW (in: lpFileName="C:\\ProgramData", nBufferLength=0x105, lpBuffer=0x1abcec30, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData", lpFilePart=0x0) returned 0xe [0211.447] FindFirstFileW (in: lpFileName="C:\\ProgramData\\*" (normalized: "c:\\programdata\\*"), lpFindFileData=0x1abcef30 | out: lpFindFileData=0x1abcef30*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x126acb2d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc302aae4, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601960 [0211.447] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x126acb2d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc302aae4, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.447] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf9ca22c7, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xf9cc8690, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xf9cc8690, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0211.447] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x811c5204, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x811c5204, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x811c5204, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0211.447] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x8119ee6b, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x8119ee6b, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x8119ee6b, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0211.447] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x8119ee6b, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x8119ee6b, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x8119ee6b, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0211.447] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x81a7b47b, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x2b5c5210, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0211.447] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe3360f38, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0xe3360f38, ftLastAccessTime.dwHighDateTime=0x1d94211, ftLastWriteTime.dwLowDateTime=0xe3360f38, ftLastWriteTime.dwHighDateTime=0x1d94211, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft OneDrive", cAlternateFileName="MICROS~2")) returned 1 [0211.448] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc8f37ad9, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54cf01b, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54cf01b, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Package Cache", cAlternateFileName="PACKAG~1")) returned 1 [0211.448] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x61503b66, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x732d3946, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x732d3946, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Packages", cAlternateFileName="")) returned 1 [0211.448] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x330c4fa5, ftLastAccessTime.dwHighDateTime=0x1d9b55e, ftLastWriteTime.dwLowDateTime=0x330c4fa5, ftLastWriteTime.dwHighDateTime=0x1d9b55e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="regid.1991-06.com.microsoft", cAlternateFileName="")) returned 1 [0211.448] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc86967d2, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SoftwareDistribution", cAlternateFileName="")) returned 1 [0211.448] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fded3d9, ftCreationTime.dwHighDateTime=0x1d61756, ftLastAccessTime.dwLowDateTime=0x3fded3d9, ftLastAccessTime.dwHighDateTime=0x1d61756, ftLastWriteTime.dwLowDateTime=0x3fded3d9, ftLastWriteTime.dwHighDateTime=0x1d61756, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ssh", cAlternateFileName="")) returned 1 [0211.448] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x811c5204, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x811c5204, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x811c5204, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0211.448] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x811c5204, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x811c5204, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x811c5204, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0211.448] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x9da3e264, ftLastAccessTime.dwHighDateTime=0x1d9429b, ftLastWriteTime.dwLowDateTime=0x9da3e264, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="USOPrivate", cAlternateFileName="")) returned 1 [0211.448] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc86967d2, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="USOShared", cAlternateFileName="")) returned 1 [0211.449] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d6a498, ftCreationTime.dwHighDateTime=0x1d5ace4, ftLastAccessTime.dwLowDateTime=0x6d6a498, ftLastAccessTime.dwHighDateTime=0x1d5ace4, ftLastWriteTime.dwLowDateTime=0x6d6a498, ftLastWriteTime.dwHighDateTime=0x1d5ace4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsHolographicDevices", cAlternateFileName="WINDOW~1")) returned 1 [0211.449] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.449] FindClose (in: hFindFile=0x601960 | out: hFindFile=0x601960) returned 1 [0211.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee88) returned 1 [0211.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf0a8) returned 1 [0211.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf188) returned 1 [0211.449] GetFullPathNameW (in: lpFileName="C:\\Recovery", nBufferLength=0x105, lpBuffer=0x1abcec30, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery", lpFilePart=0x0) returned 0xb [0211.450] FindFirstFileW (in: lpFileName="C:\\Recovery\\*.*" (normalized: "c:\\recovery\\*.*"), lpFindFileData=0x1abcef30 | out: lpFindFileData=0x1abcef30*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xc2ebee6b, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0xc30d50a0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xc30d50a0, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600d60 [0211.450] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xc2ebee6b, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0xc30d50a0, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xc30d50a0, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.451] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xc2ebee6b, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x866e4952, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x866e4952, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsRE", cAlternateFileName="WINDOW~1")) returned 1 [0211.451] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xc2ebee6b, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x866e4952, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x866e4952, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsRE", cAlternateFileName="WINDOW~1")) returned 0 [0211.451] FindClose (in: hFindFile=0x600d60 | out: hFindFile=0x600d60) returned 1 [0211.451] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef18) returned 1 [0211.451] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf168) returned 1 [0211.451] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf188) returned 1 [0211.451] GetFullPathNameW (in: lpFileName="C:\\Recovery", nBufferLength=0x105, lpBuffer=0x1abcec30, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery", lpFilePart=0x0) returned 0xb [0211.452] FindFirstFileW (in: lpFileName="C:\\Recovery\\*" (normalized: "c:\\recovery\\*"), lpFindFileData=0x1abcef30 | out: lpFindFileData=0x1abcef30*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xc2ebee6b, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x126acb2d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc30d50a0, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601a20 [0211.452] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xc2ebee6b, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x126acb2d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc30d50a0, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.453] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xc2ebee6b, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x866e4952, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x866e4952, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsRE", cAlternateFileName="WINDOW~1")) returned 1 [0211.453] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.453] FindClose (in: hFindFile=0x601a20 | out: hFindFile=0x601a20) returned 1 [0211.453] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee88) returned 1 [0211.453] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf0a8) returned 1 [0211.453] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.454] GetFullPathNameW (in: lpFileName="C:\\Recovery\\WindowsRE", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\WindowsRE", lpFilePart=0x0) returned 0x15 [0211.454] FindFirstFileW (in: lpFileName="C:\\Recovery\\WindowsRE\\*.*" (normalized: "c:\\recovery\\windowsre\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xc2ebee6b, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x866e4952, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x866e4952, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0211.454] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xc2ebee6b, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x866e4952, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x866e4952, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.454] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xc2fa3e24, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0xc303c60a, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xeb7e6dc9, ftLastWriteTime.dwHighDateTime=0x1d5acdd, nFileSizeHigh=0x0, nFileSizeLow=0x306000, dwReserved0=0x0, dwReserved1=0x0, cFileName="boot.sdi", cAlternateFileName="")) returned 1 [0211.456] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xc32063c2, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x8670a91e, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x866e4952, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x458, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReAgent.xml", cAlternateFileName="")) returned 1 [0211.456] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xa89aa1fa, ftCreationTime.dwHighDateTime=0x1d5ace3, ftLastAccessTime.dwLowDateTime=0x4f84437f, ftLastAccessTime.dwHighDateTime=0x1d9a99f, ftLastWriteTime.dwLowDateTime=0x41bacf5, ftLastWriteTime.dwHighDateTime=0x1d61755, nFileSizeHigh=0x0, nFileSizeLow=0x18bcaa94, dwReserved0=0x0, dwReserved1=0x0, cFileName="Winre.wim", cAlternateFileName="")) returned 1 [0211.458] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.458] FindClose (in: hFindFile=0x601360 | out: hFindFile=0x601360) returned 1 [0211.458] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.458] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.458] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.458] GetFullPathNameW (in: lpFileName="C:\\Recovery\\WindowsRE", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\WindowsRE", lpFilePart=0x0) returned 0x15 [0211.459] FindFirstFileW (in: lpFileName="C:\\Recovery\\WindowsRE\\*" (normalized: "c:\\recovery\\windowsre\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xc2ebee6b, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x126acb2d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x866e4952, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601600 [0211.461] FindNextFileW (in: hFindFile=0x601600, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xc2ebee6b, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x126acb2d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x866e4952, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.461] FindNextFileW (in: hFindFile=0x601600, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xc2fa3e24, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0xc303c60a, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xeb7e6dc9, ftLastWriteTime.dwHighDateTime=0x1d5acdd, nFileSizeHigh=0x0, nFileSizeLow=0x306000, dwReserved0=0x0, dwReserved1=0x0, cFileName="boot.sdi", cAlternateFileName="")) returned 1 [0211.461] FindNextFileW (in: hFindFile=0x601600, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xc32063c2, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x8670a91e, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x866e4952, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x458, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReAgent.xml", cAlternateFileName="")) returned 1 [0211.461] FindNextFileW (in: hFindFile=0x601600, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xa89aa1fa, ftCreationTime.dwHighDateTime=0x1d5ace3, ftLastAccessTime.dwLowDateTime=0x4f84437f, ftLastAccessTime.dwHighDateTime=0x1d9a99f, ftLastWriteTime.dwLowDateTime=0x41bacf5, ftLastWriteTime.dwHighDateTime=0x1d61755, nFileSizeHigh=0x0, nFileSizeLow=0x18bcaa94, dwReserved0=0x0, dwReserved1=0x0, cFileName="Winre.wim", cAlternateFileName="")) returned 1 [0211.462] FindNextFileW (in: hFindFile=0x601600, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xa89aa1fa, ftCreationTime.dwHighDateTime=0x1d5ace3, ftLastAccessTime.dwLowDateTime=0x4f84437f, ftLastAccessTime.dwHighDateTime=0x1d9a99f, ftLastWriteTime.dwLowDateTime=0x41bacf5, ftLastWriteTime.dwHighDateTime=0x1d61755, nFileSizeHigh=0x0, nFileSizeLow=0x18bcaa94, dwReserved0=0x0, dwReserved1=0x0, cFileName="Winre.wim", cAlternateFileName="")) returned 0 [0211.462] FindClose (in: hFindFile=0x601600 | out: hFindFile=0x601600) returned 1 [0211.462] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.463] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.463] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf188) returned 1 [0211.463] GetFullPathNameW (in: lpFileName="C:\\System Volume Information", nBufferLength=0x105, lpBuffer=0x1abcec30, lpFilePart=0x0 | out: lpBuffer="C:\\System Volume Information", lpFilePart=0x0) returned 0x1c [0211.465] FindFirstFileW (in: lpFileName="C:\\System Volume Information\\*.*" (normalized: "c:\\system volume information\\*.*"), lpFindFileData=0x1abcef30 | out: lpFindFileData=0x1abcef30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0211.466] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee58) returned 1 [0211.477] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf188) returned 1 [0211.477] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x1abcec30, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0211.478] FindFirstFileW (in: lpFileName="C:\\Users\\*.*" (normalized: "c:\\users\\*.*"), lpFindFileData=0x1abcef30 | out: lpFindFileData=0x1abcef30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3a6eea36, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0xd51a765d, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x3280fb2b, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0211.479] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3a6eea36, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0xd51a765d, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x3280fb2b, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.479] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0xfcc23a85, ftCreationTime.dwHighDateTime=0x1d5ace0, ftLastAccessTime.dwLowDateTime=0xfcc23a85, ftLastAccessTime.dwHighDateTime=0x1d5ace0, ftLastWriteTime.dwLowDateTime=0xfcc23a85, ftLastWriteTime.dwHighDateTime=0x1d5ace0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0211.479] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x3a6eea36, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x81178c05, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1 [0211.479] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0xfcc6ff81, ftCreationTime.dwHighDateTime=0x1d5ace0, ftLastAccessTime.dwLowDateTime=0xfcc6ff81, ftLastAccessTime.dwHighDateTime=0x1d5ace0, ftLastWriteTime.dwLowDateTime=0xfcc6ff81, ftLastWriteTime.dwHighDateTime=0x1d5ace0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Default User", cAlternateFileName="DEFAUL~1")) returned 1 [0211.479] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc9b56a2d, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xd614d036, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x7b3881b8, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0211.481] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3280fb2b, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd614d036, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xbbb64156, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OqXZRaykm", cAlternateFileName="OQXZRA~1")) returned 1 [0211.481] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xd69f12d9, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x51b6b958, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 1 [0211.481] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abceff0 | out: lpFindFileData=0x1abceff0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xd69f12d9, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x51b6b958, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 0 [0211.482] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0211.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef18) returned 1 [0211.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf168) returned 1 [0211.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf188) returned 1 [0211.482] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x1abcec30, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0211.483] FindFirstFileW (in: lpFileName="C:\\Users\\*" (normalized: "c:\\users\\*"), lpFindFileData=0x1abcef30 | out: lpFindFileData=0x1abcef30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3a6eea36, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0xd51a765d, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x3280fb2b, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0211.483] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3a6eea36, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0xd51a765d, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x3280fb2b, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.483] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0xfcc23a85, ftCreationTime.dwHighDateTime=0x1d5ace0, ftLastAccessTime.dwLowDateTime=0xfcc23a85, ftLastAccessTime.dwHighDateTime=0x1d5ace0, ftLastWriteTime.dwLowDateTime=0xfcc23a85, ftLastWriteTime.dwHighDateTime=0x1d5ace0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0211.483] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x3a6eea36, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x81178c05, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1 [0211.483] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0xfcc6ff81, ftCreationTime.dwHighDateTime=0x1d5ace0, ftLastAccessTime.dwLowDateTime=0xfcc6ff81, ftLastAccessTime.dwHighDateTime=0x1d5ace0, ftLastWriteTime.dwLowDateTime=0xfcc6ff81, ftLastWriteTime.dwHighDateTime=0x1d5ace0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Default User", cAlternateFileName="DEFAUL~1")) returned 1 [0211.483] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc9b56a2d, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xd614d036, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x7b3881b8, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0211.484] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3280fb2b, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd614d036, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xbbb64156, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OqXZRaykm", cAlternateFileName="OQXZRA~1")) returned 1 [0211.484] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xd69f12d9, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x51b6b958, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 1 [0211.484] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcef60 | out: lpFindFileData=0x1abcef60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.484] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0211.484] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee88) returned 1 [0211.484] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf0a8) returned 1 [0211.484] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.485] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users", lpFilePart=0x0) returned 0x12 [0211.485] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\*.*" (normalized: "c:\\users\\all users\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x126acb2d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc302aae4, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6012a0 [0211.487] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x126acb2d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc302aae4, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.487] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf9ca22c7, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xf9cc8690, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xf9cc8690, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0211.487] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x811c5204, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x811c5204, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x811c5204, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0211.487] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x8119ee6b, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x8119ee6b, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x8119ee6b, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0211.487] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x8119ee6b, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x8119ee6b, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x8119ee6b, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0211.487] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x81a7b47b, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x2b5c5210, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0211.487] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe3360f38, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0xe3360f38, ftLastAccessTime.dwHighDateTime=0x1d94211, ftLastWriteTime.dwLowDateTime=0xe3360f38, ftLastWriteTime.dwHighDateTime=0x1d94211, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft OneDrive", cAlternateFileName="MICROS~2")) returned 1 [0211.487] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc8f37ad9, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54cf01b, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54cf01b, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Package Cache", cAlternateFileName="PACKAG~1")) returned 1 [0211.487] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x61503b66, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x732d3946, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x732d3946, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Packages", cAlternateFileName="")) returned 1 [0211.487] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x330c4fa5, ftLastAccessTime.dwHighDateTime=0x1d9b55e, ftLastWriteTime.dwLowDateTime=0x330c4fa5, ftLastWriteTime.dwHighDateTime=0x1d9b55e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="regid.1991-06.com.microsoft", cAlternateFileName="")) returned 1 [0211.487] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc86967d2, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SoftwareDistribution", cAlternateFileName="")) returned 1 [0211.488] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fded3d9, ftCreationTime.dwHighDateTime=0x1d61756, ftLastAccessTime.dwLowDateTime=0x3fded3d9, ftLastAccessTime.dwHighDateTime=0x1d61756, ftLastWriteTime.dwLowDateTime=0x3fded3d9, ftLastWriteTime.dwHighDateTime=0x1d61756, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ssh", cAlternateFileName="")) returned 1 [0211.488] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x811c5204, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x811c5204, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x811c5204, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0211.488] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x811c5204, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x811c5204, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x811c5204, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0211.488] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x9da3e264, ftLastAccessTime.dwHighDateTime=0x1d9429b, ftLastWriteTime.dwLowDateTime=0x9da3e264, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="USOPrivate", cAlternateFileName="")) returned 1 [0211.488] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc86967d2, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="USOShared", cAlternateFileName="")) returned 1 [0211.488] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d6a498, ftCreationTime.dwHighDateTime=0x1d5ace4, ftLastAccessTime.dwLowDateTime=0x6d6a498, ftLastAccessTime.dwHighDateTime=0x1d5ace4, ftLastWriteTime.dwLowDateTime=0x6d6a498, ftLastWriteTime.dwHighDateTime=0x1d5ace4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WindowsHolographicDevices", cAlternateFileName="WINDOW~1")) returned 1 [0211.488] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d6a498, ftCreationTime.dwHighDateTime=0x1d5ace4, ftLastAccessTime.dwLowDateTime=0x6d6a498, ftLastAccessTime.dwHighDateTime=0x1d5ace4, ftLastWriteTime.dwLowDateTime=0x6d6a498, ftLastWriteTime.dwHighDateTime=0x1d5ace4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WindowsHolographicDevices", cAlternateFileName="WINDOW~1")) returned 0 [0211.488] FindClose (in: hFindFile=0x6012a0 | out: hFindFile=0x6012a0) returned 1 [0211.488] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.488] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.488] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.489] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users", lpFilePart=0x0) returned 0x12 [0211.489] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\*" (normalized: "c:\\users\\all users\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x126acb2d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc302aae4, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0211.490] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x126acb2d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc302aae4, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.490] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf9ca22c7, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xf9cc8690, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xf9cc8690, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0211.490] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x811c5204, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x811c5204, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x811c5204, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0211.490] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x8119ee6b, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x8119ee6b, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x8119ee6b, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0211.490] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x8119ee6b, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x8119ee6b, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x8119ee6b, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0211.490] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x81a7b47b, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x2b5c5210, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0211.491] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe3360f38, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0xe3360f38, ftLastAccessTime.dwHighDateTime=0x1d94211, ftLastWriteTime.dwLowDateTime=0xe3360f38, ftLastWriteTime.dwHighDateTime=0x1d94211, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft OneDrive", cAlternateFileName="MICROS~2")) returned 1 [0211.491] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc8f37ad9, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54cf01b, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54cf01b, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Package Cache", cAlternateFileName="PACKAG~1")) returned 1 [0211.491] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x61503b66, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x732d3946, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x732d3946, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Packages", cAlternateFileName="")) returned 1 [0211.492] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x330c4fa5, ftLastAccessTime.dwHighDateTime=0x1d9b55e, ftLastWriteTime.dwLowDateTime=0x330c4fa5, ftLastWriteTime.dwHighDateTime=0x1d9b55e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="regid.1991-06.com.microsoft", cAlternateFileName="")) returned 1 [0211.492] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc86967d2, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SoftwareDistribution", cAlternateFileName="")) returned 1 [0211.492] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fded3d9, ftCreationTime.dwHighDateTime=0x1d61756, ftLastAccessTime.dwLowDateTime=0x3fded3d9, ftLastAccessTime.dwHighDateTime=0x1d61756, ftLastWriteTime.dwLowDateTime=0x3fded3d9, ftLastWriteTime.dwHighDateTime=0x1d61756, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ssh", cAlternateFileName="")) returned 1 [0211.492] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x811c5204, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x811c5204, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x811c5204, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0211.492] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x811c5204, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x811c5204, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x811c5204, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0211.492] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x9da3e264, ftLastAccessTime.dwHighDateTime=0x1d9429b, ftLastWriteTime.dwLowDateTime=0x9da3e264, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="USOPrivate", cAlternateFileName="")) returned 1 [0211.492] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc86967d2, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="USOShared", cAlternateFileName="")) returned 1 [0211.492] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d6a498, ftCreationTime.dwHighDateTime=0x1d5ace4, ftLastAccessTime.dwLowDateTime=0x6d6a498, ftLastAccessTime.dwHighDateTime=0x1d5ace4, ftLastWriteTime.dwLowDateTime=0x6d6a498, ftLastWriteTime.dwHighDateTime=0x1d5ace4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsHolographicDevices", cAlternateFileName="WINDOW~1")) returned 1 [0211.493] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.493] FindClose (in: hFindFile=0x601360 | out: hFindFile=0x601360) returned 1 [0211.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.493] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.493] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe", lpFilePart=0x0) returned 0x18 [0211.494] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\*.*" (normalized: "c:\\users\\all users\\adobe\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf9ca22c7, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xf9cc8690, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xf9cc8690, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.494] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf9ca22c7, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xf9cc8690, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xf9cc8690, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.494] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf9cc8690, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xf9cc8690, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xf9cc8690, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup", cAlternateFileName="")) returned 1 [0211.494] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf9cc8690, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xf9cc8690, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xf9cc8690, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup", cAlternateFileName="")) returned 0 [0211.494] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0211.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0211.495] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.495] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe", lpFilePart=0x0) returned 0x18 [0211.495] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\*" (normalized: "c:\\users\\all users\\adobe\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf9ca22c7, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1271f903, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xf9cc8690, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6018a0 [0211.496] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf9ca22c7, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1271f903, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xf9cc8690, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.496] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf9cc8690, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xf9cc8690, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xf9cc8690, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup", cAlternateFileName="")) returned 1 [0211.496] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.496] FindClose (in: hFindFile=0x6018a0 | out: hFindFile=0x6018a0) returned 1 [0211.496] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0211.496] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0211.496] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.496] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Setup", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe\\Setup", lpFilePart=0x0) returned 0x1e [0211.497] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Setup\\*.*" (normalized: "c:\\users\\all users\\adobe\\setup\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf9cc8690, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xf9cc8690, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xf9cc8690, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0211.497] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf9cc8690, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xf9cc8690, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xf9cc8690, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.497] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf9cc8690, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x4caf96, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}", cAlternateFileName="{AC76B~1")) returned 1 [0211.497] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf9cc8690, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x4caf96, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}", cAlternateFileName="{AC76B~1")) returned 0 [0211.497] FindClose (in: hFindFile=0x601360 | out: hFindFile=0x601360) returned 1 [0211.497] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0211.498] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0211.498] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.498] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Setup", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe\\Setup", lpFilePart=0x0) returned 0x1e [0211.498] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Setup\\*" (normalized: "c:\\users\\all users\\adobe\\setup\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf9cc8690, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1271f903, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xf9cc8690, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600d60 [0211.498] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf9cc8690, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1271f903, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xf9cc8690, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.499] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf9cc8690, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x4caf96, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}", cAlternateFileName="{AC76B~1")) returned 1 [0211.499] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.499] FindClose (in: hFindFile=0x600d60 | out: hFindFile=0x600d60) returned 1 [0211.499] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0211.499] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0211.499] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.499] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Setup\\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe\\Setup\\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}", lpFilePart=0x0) returned 0x45 [0211.500] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Setup\\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\\*.*" (normalized: "c:\\users\\all users\\adobe\\setup\\{ac76ba86-7ad7-ffff-7b44-ac0f074e4100}\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf9cc8690, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x4caf96, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0211.502] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf9cc8690, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x4caf96, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.502] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x24cc8669, ftCreationTime.dwHighDateTime=0x1d0608d, ftLastAccessTime.dwLowDateTime=0x4a4c9d, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x24cc8669, ftLastWriteTime.dwHighDateTime=0x1d0608d, nFileSizeHigh=0x0, nFileSizeLow=0x271, dwReserved0=0x0, dwReserved1=0x0, cFileName="ABCPY.INI", cAlternateFileName="")) returned 1 [0211.503] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc0ede705, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4a4c9d, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc0ede705, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x2ea000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcroRead.msi", cAlternateFileName="")) returned 1 [0211.504] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9d3c485, ftCreationTime.dwHighDateTime=0x1d0608e, ftLastAccessTime.dwLowDateTime=0x373a9f, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xa9d3c485, ftLastWriteTime.dwHighDateTime=0x1d0608e, nFileSizeHigh=0x0, nFileSizeLow=0x900b715, dwReserved0=0x0, dwReserved1=0x0, cFileName="Data1.cab", cAlternateFileName="")) returned 1 [0211.505] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x236c39c1, ftCreationTime.dwHighDateTime=0x1d0608d, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x236c39c1, ftLastWriteTime.dwHighDateTime=0x1d0608d, nFileSizeHigh=0x0, nFileSizeLow=0x66aa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.exe", cAlternateFileName="")) returned 1 [0211.507] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x24688c55, ftCreationTime.dwHighDateTime=0x1d0608d, ftLastAccessTime.dwLowDateTime=0x4a4c9d, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x24688c55, ftLastWriteTime.dwHighDateTime=0x1d0608d, nFileSizeHigh=0x0, nFileSizeLow=0x3a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup.ini", cAlternateFileName="")) returned 1 [0211.508] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4caf96, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x4caf96, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Transforms", cAlternateFileName="TRANSF~1")) returned 1 [0211.508] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4caf96, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x4caf96, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Transforms", cAlternateFileName="TRANSF~1")) returned 0 [0211.508] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0211.516] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb18) returned 1 [0211.516] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced68) returned 1 [0211.516] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.516] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Setup\\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe\\Setup\\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}", lpFilePart=0x0) returned 0x45 [0211.516] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Setup\\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\\*" (normalized: "c:\\users\\all users\\adobe\\setup\\{ac76ba86-7ad7-ffff-7b44-ac0f074e4100}\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf9cc8690, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x127454ce, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x4caf96, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600c40 [0211.517] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf9cc8690, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x127454ce, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x4caf96, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.518] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x24cc8669, ftCreationTime.dwHighDateTime=0x1d0608d, ftLastAccessTime.dwLowDateTime=0x4a4c9d, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x24cc8669, ftLastWriteTime.dwHighDateTime=0x1d0608d, nFileSizeHigh=0x0, nFileSizeLow=0x271, dwReserved0=0x0, dwReserved1=0x0, cFileName="ABCPY.INI", cAlternateFileName="")) returned 1 [0211.518] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc0ede705, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4a4c9d, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc0ede705, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x2ea000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcroRead.msi", cAlternateFileName="")) returned 1 [0211.518] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9d3c485, ftCreationTime.dwHighDateTime=0x1d0608e, ftLastAccessTime.dwLowDateTime=0x373a9f, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xa9d3c485, ftLastWriteTime.dwHighDateTime=0x1d0608e, nFileSizeHigh=0x0, nFileSizeLow=0x900b715, dwReserved0=0x0, dwReserved1=0x0, cFileName="Data1.cab", cAlternateFileName="")) returned 1 [0211.518] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x236c39c1, ftCreationTime.dwHighDateTime=0x1d0608d, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x236c39c1, ftLastWriteTime.dwHighDateTime=0x1d0608d, nFileSizeHigh=0x0, nFileSizeLow=0x66aa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.exe", cAlternateFileName="")) returned 1 [0211.518] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x24688c55, ftCreationTime.dwHighDateTime=0x1d0608d, ftLastAccessTime.dwLowDateTime=0x4a4c9d, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x24688c55, ftLastWriteTime.dwHighDateTime=0x1d0608d, nFileSizeHigh=0x0, nFileSizeLow=0x3a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup.ini", cAlternateFileName="")) returned 1 [0211.518] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4caf96, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x4caf96, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Transforms", cAlternateFileName="TRANSF~1")) returned 1 [0211.518] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.518] FindClose (in: hFindFile=0x600c40 | out: hFindFile=0x600c40) returned 1 [0211.519] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea88) returned 1 [0211.519] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceca8) returned 1 [0211.519] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0211.519] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Setup\\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\\Transforms", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe\\Setup\\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\\Transforms", lpFilePart=0x0) returned 0x50 [0211.520] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Setup\\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\\Transforms\\*.*" (normalized: "c:\\users\\all users\\adobe\\setup\\{ac76ba86-7ad7-ffff-7b44-ac0f074e4100}\\transforms\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4caf96, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x4caf96, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601000 [0211.524] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4caf96, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x4caf96, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.525] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc137b1e3, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc137b1e3, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1027.mst", cAlternateFileName="")) returned 1 [0211.525] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc137b1e3, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc137b1e3, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0xf000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1028.mst", cAlternateFileName="")) returned 1 [0211.526] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc137b1e3, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc137b1e3, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1029.mst", cAlternateFileName="")) returned 1 [0211.526] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc137b1e3, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc137b1e3, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1030.mst", cAlternateFileName="")) returned 1 [0211.526] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc137b1e3, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc137b1e3, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x14000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1031.mst", cAlternateFileName="")) returned 1 [0211.526] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc137b1e3, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc137b1e3, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033.mst", cAlternateFileName="")) returned 1 [0211.526] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc14d1e55, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc14d1e55, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x13000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1034.mst", cAlternateFileName="")) returned 1 [0211.526] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc14d1e55, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc14d1e55, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1035.mst", cAlternateFileName="")) returned 1 [0211.527] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc14d1e55, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc14d1e55, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x13000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1036.mst", cAlternateFileName="")) returned 1 [0211.527] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc14f7fb7, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc14f7fb7, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1038.mst", cAlternateFileName="")) returned 1 [0211.527] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc14f7fb7, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc14f7fb7, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x13000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1040.mst", cAlternateFileName="")) returned 1 [0211.527] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc14f7fb7, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc14f7fb7, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x13000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1041.mst", cAlternateFileName="")) returned 1 [0211.527] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc151e119, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc151e119, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1042.mst", cAlternateFileName="")) returned 1 [0211.527] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc151e119, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc151e119, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x13000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1043.mst", cAlternateFileName="")) returned 1 [0211.527] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc151e119, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc151e119, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1044.mst", cAlternateFileName="")) returned 1 [0211.527] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc154427b, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc154427b, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1045.mst", cAlternateFileName="")) returned 1 [0211.527] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc154427b, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc154427b, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x13000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1046.mst", cAlternateFileName="")) returned 1 [0211.528] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc154427b, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc154427b, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1048.mst", cAlternateFileName="")) returned 1 [0211.528] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc156a3dd, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc156a3dd, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1049.mst", cAlternateFileName="")) returned 1 [0211.528] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc156a3dd, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc156a3dd, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1050.mst", cAlternateFileName="")) returned 1 [0211.528] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc156a3dd, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc156a3dd, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1051.mst", cAlternateFileName="")) returned 1 [0211.528] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc156a3dd, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc156a3dd, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1053.mst", cAlternateFileName="")) returned 1 [0211.528] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc156a3dd, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc156a3dd, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1055.mst", cAlternateFileName="")) returned 1 [0211.528] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc156a3dd, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc156a3dd, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1058.mst", cAlternateFileName="")) returned 1 [0211.528] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc159053f, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc159053f, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1060.mst", cAlternateFileName="")) returned 1 [0211.528] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc159053f, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc159053f, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1069.mst", cAlternateFileName="")) returned 1 [0211.528] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc159053f, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc159053f, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="2052.mst", cAlternateFileName="")) returned 1 [0211.529] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.529] FindClose (in: hFindFile=0x601000 | out: hFindFile=0x601000) returned 1 [0211.530] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0211.530] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0211.530] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0211.530] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Setup\\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\\Transforms", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe\\Setup\\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\\Transforms", lpFilePart=0x0) returned 0x50 [0211.531] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Setup\\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\\Transforms\\*" (normalized: "c:\\users\\all users\\adobe\\setup\\{ac76ba86-7ad7-ffff-7b44-ac0f074e4100}\\transforms\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4caf96, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x1276b671, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x4caf96, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0211.532] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4caf96, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x1276b671, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x4caf96, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.532] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc137b1e3, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc137b1e3, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1027.mst", cAlternateFileName="")) returned 1 [0211.532] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc137b1e3, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc137b1e3, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0xf000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1028.mst", cAlternateFileName="")) returned 1 [0211.532] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc137b1e3, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc137b1e3, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1029.mst", cAlternateFileName="")) returned 1 [0211.532] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc137b1e3, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc137b1e3, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1030.mst", cAlternateFileName="")) returned 1 [0211.533] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc137b1e3, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc137b1e3, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x14000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1031.mst", cAlternateFileName="")) returned 1 [0211.533] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc137b1e3, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc137b1e3, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033.mst", cAlternateFileName="")) returned 1 [0211.533] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc14d1e55, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc14d1e55, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x13000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1034.mst", cAlternateFileName="")) returned 1 [0211.533] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc14d1e55, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc14d1e55, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1035.mst", cAlternateFileName="")) returned 1 [0211.533] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc14d1e55, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc14d1e55, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x13000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1036.mst", cAlternateFileName="")) returned 1 [0211.533] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc14f7fb7, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc14f7fb7, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1038.mst", cAlternateFileName="")) returned 1 [0211.533] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc14f7fb7, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc14f7fb7, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x13000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1040.mst", cAlternateFileName="")) returned 1 [0211.533] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc14f7fb7, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc14f7fb7, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x13000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1041.mst", cAlternateFileName="")) returned 1 [0211.533] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc151e119, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc151e119, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1042.mst", cAlternateFileName="")) returned 1 [0211.533] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc151e119, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc151e119, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x13000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1043.mst", cAlternateFileName="")) returned 1 [0211.533] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc151e119, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc151e119, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1044.mst", cAlternateFileName="")) returned 1 [0211.533] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc154427b, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc154427b, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1045.mst", cAlternateFileName="")) returned 1 [0211.533] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc154427b, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc154427b, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x13000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1046.mst", cAlternateFileName="")) returned 1 [0211.533] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc154427b, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc154427b, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1048.mst", cAlternateFileName="")) returned 1 [0211.534] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc156a3dd, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc156a3dd, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1049.mst", cAlternateFileName="")) returned 1 [0211.534] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc156a3dd, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc156a3dd, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1050.mst", cAlternateFileName="")) returned 1 [0211.534] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc156a3dd, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc156a3dd, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1051.mst", cAlternateFileName="")) returned 1 [0211.534] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc156a3dd, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc156a3dd, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1053.mst", cAlternateFileName="")) returned 1 [0211.534] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc156a3dd, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc156a3dd, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1055.mst", cAlternateFileName="")) returned 1 [0211.534] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc156a3dd, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc156a3dd, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1058.mst", cAlternateFileName="")) returned 1 [0211.534] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc159053f, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc159053f, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1060.mst", cAlternateFileName="")) returned 1 [0211.534] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc159053f, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc159053f, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="1069.mst", cAlternateFileName="")) returned 1 [0211.534] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc159053f, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc159053f, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="2052.mst", cAlternateFileName="")) returned 1 [0211.534] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc159053f, ftCreationTime.dwHighDateTime=0x1d0608f, ftLastAccessTime.dwLowDateTime=0x4caf96, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc159053f, ftLastWriteTime.dwHighDateTime=0x1d0608f, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="2052.mst", cAlternateFileName="")) returned 0 [0211.534] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0211.535] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0211.535] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0211.536] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.536] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Application Data", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Application Data", lpFilePart=0x0) returned 0x23 [0211.536] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\*.*" (normalized: "c:\\users\\all users\\application data\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0211.536] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec58) returned 1 [0211.541] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.542] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Desktop", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Desktop", lpFilePart=0x0) returned 0x1a [0211.542] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Desktop\\*.*" (normalized: "c:\\users\\all users\\desktop\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0211.542] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec58) returned 1 [0211.547] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.547] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Documents", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Documents", lpFilePart=0x0) returned 0x1c [0211.547] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Documents\\*.*" (normalized: "c:\\users\\all users\\documents\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0211.547] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec58) returned 1 [0211.552] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.552] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft", lpFilePart=0x0) returned 0x1c [0211.553] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\*.*" (normalized: "c:\\users\\all users\\microsoft\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x9ac223c7, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x2b5c5210, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601720 [0211.554] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x9ac223c7, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x2b5c5210, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.554] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d6a498, ftCreationTime.dwHighDateTime=0x1d5ace4, ftLastAccessTime.dwLowDateTime=0x6d6a498, ftLastAccessTime.dwHighDateTime=0x1d5ace4, ftLastWriteTime.dwLowDateTime=0x6d6a498, ftLastWriteTime.dwHighDateTime=0x1d5ace4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppV", cAlternateFileName="")) returned 1 [0211.554] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x83752487, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x83752487, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0211.554] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc864c860, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc864c860, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Device Stage", cAlternateFileName="")) returned 1 [0211.555] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc864c860, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc864c860, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DeviceSync", cAlternateFileName="")) returned 1 [0211.555] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x99d378e5, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x99d378e5, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Diagnosis", cAlternateFileName="")) returned 1 [0211.555] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcbf6fad6, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0xcbf6fad6, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xcbf6fad6, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DiagnosticLogCSP", cAlternateFileName="DIAGNO~1")) returned 1 [0211.555] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc864c860, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc864c860, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DRM", cAlternateFileName="")) returned 1 [0211.555] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x283b3958, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x283b3958, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x283b3958, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EdgeUpdate", cAlternateFileName="EDGEUP~1")) returned 1 [0211.555] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8aa91111, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x8aa91111, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x8aa91111, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IdentityCRL", cAlternateFileName="IDENTI~1")) returned 1 [0211.555] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc864c860, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc864c860, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MapData", cAlternateFileName="")) returned 1 [0211.555] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d6a498, ftCreationTime.dwHighDateTime=0x1d5ace4, ftLastAccessTime.dwLowDateTime=0x6f017ca, ftLastAccessTime.dwHighDateTime=0x1d5ace4, ftLastWriteTime.dwLowDateTime=0x6f017ca, ftLastWriteTime.dwHighDateTime=0x1d5ace4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MF", cAlternateFileName="")) returned 1 [0211.555] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xb93c549, ftLastAccessTime.dwHighDateTime=0x1d5ace1, ftLastWriteTime.dwLowDateTime=0xb93c549, ftLastWriteTime.dwHighDateTime=0x1d5ace1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFramework", cAlternateFileName="")) returned 1 [0211.555] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xb93c549, ftLastAccessTime.dwHighDateTime=0x1d5ace1, ftLastWriteTime.dwLowDateTime=0xb93c549, ftLastWriteTime.dwHighDateTime=0x1d5ace1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0211.555] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xa515a9e7, ftLastAccessTime.dwHighDateTime=0x1d9b55f, ftLastWriteTime.dwLowDateTime=0xa515a9e7, ftLastWriteTime.dwHighDateTime=0x1d9b55f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Provisioning", cAlternateFileName="")) returned 1 [0211.555] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2b5c5210, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x2b5c5210, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x2b5c5210, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Search", cAlternateFileName="")) returned 1 [0211.555] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xc867053b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc867053b, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc867053b, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Settings", cAlternateFileName="")) returned 1 [0211.555] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc867053b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xcb527811, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xcb527811, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmsRouter", cAlternateFileName="")) returned 1 [0211.555] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc867053b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc867053b, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc867053b, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Spectrum", cAlternateFileName="")) returned 1 [0211.556] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc867053b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc867053b, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc867053b, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Speech_OneCore", cAlternateFileName="")) returned 1 [0211.556] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc867053b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc9b00bb4, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc9b00bb4, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage Health", cAlternateFileName="")) returned 1 [0211.556] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d6a498, ftCreationTime.dwHighDateTime=0x1d5ace4, ftLastAccessTime.dwLowDateTime=0x6d6a498, ftLastAccessTime.dwHighDateTime=0x1d5ace4, ftLastWriteTime.dwLowDateTime=0x6d6a498, ftLastWriteTime.dwHighDateTime=0x1d5ace4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UEV", cAlternateFileName="")) returned 1 [0211.556] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc867053b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x33768d16, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x33768d16, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User Account Pictures", cAlternateFileName="")) returned 1 [0211.556] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc867053b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x9b07477c, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x313f1cfe, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vault", cAlternateFileName="")) returned 1 [0211.556] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc867053b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc867053b, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc867053b, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WDF", cAlternateFileName="")) returned 1 [0211.556] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc867053b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x9021e826, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x81c51f70, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0211.556] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc867053b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xf194d189, ftLastAccessTime.dwHighDateTime=0x1d94218, ftLastWriteTime.dwLowDateTime=0xa1573eb2, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Defender", cAlternateFileName="WINDOW~1")) returned 1 [0211.556] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d6a498, ftCreationTime.dwHighDateTime=0x1d5ace4, ftLastAccessTime.dwLowDateTime=0x6d6a498, ftLastAccessTime.dwHighDateTime=0x1d5ace4, ftLastWriteTime.dwLowDateTime=0x6d6a498, ftLastWriteTime.dwHighDateTime=0x1d5ace4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Defender Advanced Threat Protection", cAlternateFileName="WINDOW~3")) returned 1 [0211.556] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc8eef21b, ftCreationTime.dwHighDateTime=0x1d5ace3, ftLastAccessTime.dwLowDateTime=0xc8f15250, ftLastAccessTime.dwHighDateTime=0x1d5ace3, ftLastWriteTime.dwLowDateTime=0xc8f15250, ftLastWriteTime.dwHighDateTime=0x1d5ace3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows NT", cAlternateFileName="WINDOW~2")) returned 1 [0211.556] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc867053b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xb96059c, ftLastAccessTime.dwHighDateTime=0x1d5ace1, ftLastWriteTime.dwLowDateTime=0xb96059c, ftLastWriteTime.dwHighDateTime=0x1d5ace1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Security Health", cAlternateFileName="")) returned 1 [0211.556] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc867053b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc867053b, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc867053b, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WinMSIPC", cAlternateFileName="")) returned 1 [0211.556] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xb96059c, ftLastAccessTime.dwHighDateTime=0x1d5ace1, ftLastWriteTime.dwLowDateTime=0xb96059c, ftLastWriteTime.dwHighDateTime=0x1d5ace1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WwanSvc", cAlternateFileName="")) returned 1 [0211.556] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xb96059c, ftLastAccessTime.dwHighDateTime=0x1d5ace1, ftLastWriteTime.dwLowDateTime=0xb96059c, ftLastWriteTime.dwHighDateTime=0x1d5ace1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WwanSvc", cAlternateFileName="")) returned 0 [0211.557] FindClose (in: hFindFile=0x601720 | out: hFindFile=0x601720) returned 1 [0211.557] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0211.557] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0211.557] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.557] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft", lpFilePart=0x0) returned 0x1c [0211.558] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\*" (normalized: "c:\\users\\all users\\microsoft\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x127b7b00, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x2b5c5210, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.558] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x127b7b00, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x2b5c5210, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.558] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d6a498, ftCreationTime.dwHighDateTime=0x1d5ace4, ftLastAccessTime.dwLowDateTime=0x6d6a498, ftLastAccessTime.dwHighDateTime=0x1d5ace4, ftLastWriteTime.dwLowDateTime=0x6d6a498, ftLastWriteTime.dwHighDateTime=0x1d5ace4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppV", cAlternateFileName="")) returned 1 [0211.558] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x83752487, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x83752487, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0211.558] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc864c860, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc864c860, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Device Stage", cAlternateFileName="")) returned 1 [0211.558] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc864c860, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc864c860, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DeviceSync", cAlternateFileName="")) returned 1 [0211.558] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x99d378e5, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x99d378e5, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Diagnosis", cAlternateFileName="")) returned 1 [0211.559] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcbf6fad6, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0xcbf6fad6, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xcbf6fad6, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DiagnosticLogCSP", cAlternateFileName="DIAGNO~1")) returned 1 [0211.559] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc864c860, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc864c860, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DRM", cAlternateFileName="")) returned 1 [0211.559] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x283b3958, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x283b3958, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x283b3958, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EdgeUpdate", cAlternateFileName="EDGEUP~1")) returned 1 [0211.559] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8aa91111, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0x8aa91111, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x8aa91111, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IdentityCRL", cAlternateFileName="IDENTI~1")) returned 1 [0211.559] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc864c860, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc864c860, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MapData", cAlternateFileName="")) returned 1 [0211.559] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d6a498, ftCreationTime.dwHighDateTime=0x1d5ace4, ftLastAccessTime.dwLowDateTime=0x6f017ca, ftLastAccessTime.dwHighDateTime=0x1d5ace4, ftLastWriteTime.dwLowDateTime=0x6f017ca, ftLastWriteTime.dwHighDateTime=0x1d5ace4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MF", cAlternateFileName="")) returned 1 [0211.559] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xb93c549, ftLastAccessTime.dwHighDateTime=0x1d5ace1, ftLastWriteTime.dwLowDateTime=0xb93c549, ftLastWriteTime.dwHighDateTime=0x1d5ace1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFramework", cAlternateFileName="")) returned 1 [0211.559] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xb93c549, ftLastAccessTime.dwHighDateTime=0x1d5ace1, ftLastWriteTime.dwLowDateTime=0xb93c549, ftLastWriteTime.dwHighDateTime=0x1d5ace1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0211.559] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc864c860, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xa515a9e7, ftLastAccessTime.dwHighDateTime=0x1d9b55f, ftLastWriteTime.dwLowDateTime=0xa515a9e7, ftLastWriteTime.dwHighDateTime=0x1d9b55f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Provisioning", cAlternateFileName="")) returned 1 [0211.560] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2b5c5210, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x2b5c5210, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x2b5c5210, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Search", cAlternateFileName="")) returned 1 [0211.560] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xc867053b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc867053b, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc867053b, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Settings", cAlternateFileName="")) returned 1 [0211.560] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc867053b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xcb527811, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0xcb527811, ftLastWriteTime.dwHighDateTime=0x1d9425b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmsRouter", cAlternateFileName="")) returned 1 [0211.560] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc867053b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc867053b, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc867053b, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Spectrum", cAlternateFileName="")) returned 1 [0211.560] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc867053b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc867053b, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc867053b, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Speech_OneCore", cAlternateFileName="")) returned 1 [0211.560] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc867053b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc9b00bb4, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc9b00bb4, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage Health", cAlternateFileName="")) returned 1 [0211.560] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d6a498, ftCreationTime.dwHighDateTime=0x1d5ace4, ftLastAccessTime.dwLowDateTime=0x6d6a498, ftLastAccessTime.dwHighDateTime=0x1d5ace4, ftLastWriteTime.dwLowDateTime=0x6d6a498, ftLastWriteTime.dwHighDateTime=0x1d5ace4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UEV", cAlternateFileName="")) returned 1 [0211.560] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc867053b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x33768d16, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x33768d16, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User Account Pictures", cAlternateFileName="")) returned 1 [0211.560] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc867053b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x9b07477c, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x313f1cfe, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vault", cAlternateFileName="")) returned 1 [0211.561] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc867053b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc867053b, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc867053b, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WDF", cAlternateFileName="")) returned 1 [0211.561] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc867053b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x9021e826, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x81c51f70, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0211.561] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc867053b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xf194d189, ftLastAccessTime.dwHighDateTime=0x1d94218, ftLastWriteTime.dwLowDateTime=0xa1573eb2, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Defender", cAlternateFileName="WINDOW~1")) returned 1 [0211.561] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d6a498, ftCreationTime.dwHighDateTime=0x1d5ace4, ftLastAccessTime.dwLowDateTime=0x6d6a498, ftLastAccessTime.dwHighDateTime=0x1d5ace4, ftLastWriteTime.dwLowDateTime=0x6d6a498, ftLastWriteTime.dwHighDateTime=0x1d5ace4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Defender Advanced Threat Protection", cAlternateFileName="WINDOW~3")) returned 1 [0211.561] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc8eef21b, ftCreationTime.dwHighDateTime=0x1d5ace3, ftLastAccessTime.dwLowDateTime=0xc8f15250, ftLastAccessTime.dwHighDateTime=0x1d5ace3, ftLastWriteTime.dwLowDateTime=0xc8f15250, ftLastWriteTime.dwHighDateTime=0x1d5ace3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows NT", cAlternateFileName="WINDOW~2")) returned 1 [0211.561] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc867053b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xb96059c, ftLastAccessTime.dwHighDateTime=0x1d5ace1, ftLastWriteTime.dwLowDateTime=0xb96059c, ftLastWriteTime.dwHighDateTime=0x1d5ace1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Security Health", cAlternateFileName="")) returned 1 [0211.561] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc867053b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc867053b, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc867053b, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WinMSIPC", cAlternateFileName="")) returned 1 [0211.561] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xb96059c, ftLastAccessTime.dwHighDateTime=0x1d5ace1, ftLastWriteTime.dwLowDateTime=0xb96059c, ftLastWriteTime.dwHighDateTime=0x1d5ace1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WwanSvc", cAlternateFileName="")) returned 1 [0211.562] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.562] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.562] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0211.562] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0211.562] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.562] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft OneDrive", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft OneDrive", lpFilePart=0x0) returned 0x25 [0211.563] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft OneDrive\\*.*" (normalized: "c:\\users\\all users\\microsoft onedrive\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe3360f38, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0xe3360f38, ftLastAccessTime.dwHighDateTime=0x1d94211, ftLastWriteTime.dwLowDateTime=0xe3360f38, ftLastWriteTime.dwHighDateTime=0x1d94211, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.563] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe3360f38, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0xe3360f38, ftLastAccessTime.dwHighDateTime=0x1d94211, ftLastWriteTime.dwLowDateTime=0xe3360f38, ftLastWriteTime.dwHighDateTime=0x1d94211, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.563] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe3360f38, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0xe33871fd, ftLastAccessTime.dwHighDateTime=0x1d94211, ftLastWriteTime.dwLowDateTime=0xe33871fd, ftLastWriteTime.dwHighDateTime=0x1d94211, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup", cAlternateFileName="")) returned 1 [0211.563] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe3360f38, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0xe33871fd, ftLastAccessTime.dwHighDateTime=0x1d94211, ftLastWriteTime.dwLowDateTime=0xe33871fd, ftLastWriteTime.dwHighDateTime=0x1d94211, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup", cAlternateFileName="")) returned 0 [0211.564] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.564] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0211.564] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0211.564] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.564] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft OneDrive", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft OneDrive", lpFilePart=0x0) returned 0x25 [0211.565] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft OneDrive\\*" (normalized: "c:\\users\\all users\\microsoft onedrive\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe3360f38, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0x127b7b00, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe3360f38, ftLastWriteTime.dwHighDateTime=0x1d94211, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601840 [0211.565] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe3360f38, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0x127b7b00, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe3360f38, ftLastWriteTime.dwHighDateTime=0x1d94211, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.565] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe3360f38, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0xe33871fd, ftLastAccessTime.dwHighDateTime=0x1d94211, ftLastWriteTime.dwLowDateTime=0xe33871fd, ftLastWriteTime.dwHighDateTime=0x1d94211, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup", cAlternateFileName="")) returned 1 [0211.565] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.566] FindClose (in: hFindFile=0x601840 | out: hFindFile=0x601840) returned 1 [0211.566] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0211.566] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0211.566] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.566] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft OneDrive\\setup", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft OneDrive\\setup", lpFilePart=0x0) returned 0x2b [0211.566] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft OneDrive\\setup\\*.*" (normalized: "c:\\users\\all users\\microsoft onedrive\\setup\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe3360f38, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0xe33871fd, ftLastAccessTime.dwHighDateTime=0x1d94211, ftLastWriteTime.dwLowDateTime=0xe33871fd, ftLastWriteTime.dwHighDateTime=0x1d94211, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601720 [0211.567] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe3360f38, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0xe33871fd, ftLastAccessTime.dwHighDateTime=0x1d94211, ftLastWriteTime.dwLowDateTime=0xe33871fd, ftLastWriteTime.dwHighDateTime=0x1d94211, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.567] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe33871fd, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0x52ca97e2, ftLastAccessTime.dwHighDateTime=0x1d94217, ftLastWriteTime.dwLowDateTime=0x52ca97e2, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x19, dwReserved0=0x0, dwReserved1=0x0, cFileName="refcount.ini", cAlternateFileName="")) returned 1 [0211.568] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.568] FindClose (in: hFindFile=0x601720 | out: hFindFile=0x601720) returned 1 [0211.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0211.569] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0211.569] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.569] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft OneDrive\\setup", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft OneDrive\\setup", lpFilePart=0x0) returned 0x2b [0211.570] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft OneDrive\\setup\\*" (normalized: "c:\\users\\all users\\microsoft onedrive\\setup\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe3360f38, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0x127b7b00, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe33871fd, ftLastWriteTime.dwHighDateTime=0x1d94211, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.570] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe3360f38, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0x127b7b00, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe33871fd, ftLastWriteTime.dwHighDateTime=0x1d94211, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.570] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe33871fd, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0x52ca97e2, ftLastAccessTime.dwHighDateTime=0x1d94217, ftLastWriteTime.dwLowDateTime=0x52ca97e2, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x19, dwReserved0=0x0, dwReserved1=0x0, cFileName="refcount.ini", cAlternateFileName="")) returned 1 [0211.570] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe33871fd, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0x52ca97e2, ftLastAccessTime.dwHighDateTime=0x1d94217, ftLastWriteTime.dwLowDateTime=0x52ca97e2, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x19, dwReserved0=0x0, dwReserved1=0x0, cFileName="refcount.ini", cAlternateFileName="")) returned 0 [0211.570] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0211.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0211.571] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.571] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache", lpFilePart=0x0) returned 0x20 [0211.571] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\*.*" (normalized: "c:\\users\\all users\\package cache\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc8f37ad9, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54cf01b, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54cf01b, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601900 [0211.585] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc8f37ad9, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54cf01b, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54cf01b, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.586] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2997f59, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2997f59, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{050d4fc8-5d48-4b8f-8972-47c82c46020f}", cAlternateFileName="{050D4~1")) returned 1 [0211.587] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd70a88f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd70a88f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cAlternateFileName="{33D1F~1")) returned 1 [0211.587] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc901c918, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc9042c04, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cAlternateFileName="{37B8F~1.610")) returned 1 [0211.587] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0ba4e22, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe0ba4e22, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}", cAlternateFileName="{6BA9F~1")) returned 1 [0211.587] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2aa300f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2aa300f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cAlternateFileName="{929FB~1.210")) returned 1 [0211.587] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd29e4387, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2a569b8, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cAlternateFileName="{A749D~1.210")) returned 1 [0211.587] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0c1744f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe0c1744f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{AB1BDF73-7393-42CE-812D-9A90918814D5}v14.34.31931", cAlternateFileName="{AB1BD~1.319")) returned 1 [0211.587] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7ef624, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd7ef624, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cAlternateFileName="{B1755~1.610")) returned 1 [0211.587] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd730a3f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd7c92cf, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cAlternateFileName="{BD95A~1.610")) returned 1 [0211.587] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0c1744f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe0c1744f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{C2662EFF-06E6-4FD1-9D6D-FDCA91025757}v14.34.31931", cAlternateFileName="{C2662~1.319")) returned 1 [0211.587] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc8f37ad9, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc8f37ad9, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cAlternateFileName="{CA675~1")) returned 1 [0211.587] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc8f5dcac, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc8ff6722, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cAlternateFileName="{CF2BE~1.610")) returned 1 [0211.588] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe5482bce, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{CF4C347D-954E-4543-88D2-EC17F07F466F}v14.34.31931", cAlternateFileName="{CF4C3~1.319")) returned 1 [0211.588] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe53ea2ce, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe53ea2ce, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{d4cecf3b-b68f-4995-8840-52ea0fab646e}", cAlternateFileName="{D4CEC~1")) returned 1 [0211.588] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}v14.34.31931", cAlternateFileName="{EAE24~1.319")) returned 1 [0211.588] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}v14.34.31931", cAlternateFileName="{EAE24~1.319")) returned 0 [0211.588] FindClose (in: hFindFile=0x601900 | out: hFindFile=0x601900) returned 1 [0211.590] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0211.590] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0211.590] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.590] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache", lpFilePart=0x0) returned 0x20 [0211.591] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\*" (normalized: "c:\\users\\all users\\package cache\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc8f37ad9, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x12803d8e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe54cf01b, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6012a0 [0211.592] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc8f37ad9, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x12803d8e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe54cf01b, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.592] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2997f59, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2997f59, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{050d4fc8-5d48-4b8f-8972-47c82c46020f}", cAlternateFileName="{050D4~1")) returned 1 [0211.593] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd70a88f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd70a88f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cAlternateFileName="{33D1F~1")) returned 1 [0211.593] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc901c918, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc9042c04, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cAlternateFileName="{37B8F~1.610")) returned 1 [0211.593] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0ba4e22, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe0ba4e22, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}", cAlternateFileName="{6BA9F~1")) returned 1 [0211.593] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2aa300f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2aa300f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cAlternateFileName="{929FB~1.210")) returned 1 [0211.593] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd29e4387, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2a569b8, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cAlternateFileName="{A749D~1.210")) returned 1 [0211.593] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0c1744f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe0c1744f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{AB1BDF73-7393-42CE-812D-9A90918814D5}v14.34.31931", cAlternateFileName="{AB1BD~1.319")) returned 1 [0211.594] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7ef624, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd7ef624, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cAlternateFileName="{B1755~1.610")) returned 1 [0211.594] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd730a3f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd7c92cf, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cAlternateFileName="{BD95A~1.610")) returned 1 [0211.594] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0c1744f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe0c1744f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{C2662EFF-06E6-4FD1-9D6D-FDCA91025757}v14.34.31931", cAlternateFileName="{C2662~1.319")) returned 1 [0211.594] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc8f37ad9, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc8f37ad9, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cAlternateFileName="{CA675~1")) returned 1 [0211.594] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc8f5dcac, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc8ff6722, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cAlternateFileName="{CF2BE~1.610")) returned 1 [0211.595] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe5482bce, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{CF4C347D-954E-4543-88D2-EC17F07F466F}v14.34.31931", cAlternateFileName="{CF4C3~1.319")) returned 1 [0211.596] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe53ea2ce, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe53ea2ce, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{d4cecf3b-b68f-4995-8840-52ea0fab646e}", cAlternateFileName="{D4CEC~1")) returned 1 [0211.596] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}v14.34.31931", cAlternateFileName="{EAE24~1.319")) returned 1 [0211.596] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.596] FindClose (in: hFindFile=0x6012a0 | out: hFindFile=0x6012a0) returned 1 [0211.597] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0211.598] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0211.598] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.598] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{050d4fc8-5d48-4b8f-8972-47c82c46020f}", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{050d4fc8-5d48-4b8f-8972-47c82c46020f}", lpFilePart=0x0) returned 0x47 [0211.599] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\\*.*" (normalized: "c:\\users\\all users\\package cache\\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2997f59, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2997f59, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0211.602] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2997f59, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2997f59, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.603] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2997f59, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xd43f7dae, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd43f7dae, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x31c, dwReserved0=0x0, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0211.604] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2997f59, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xd2997f59, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2866c55, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x70a58, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1 [0211.605] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.605] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0211.605] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0211.605] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0211.606] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.606] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{050d4fc8-5d48-4b8f-8972-47c82c46020f}", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{050d4fc8-5d48-4b8f-8972-47c82c46020f}", lpFilePart=0x0) returned 0x47 [0211.606] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\\*" (normalized: "c:\\users\\all users\\package cache\\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2997f59, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1282a2e4, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xd2997f59, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6012a0 [0211.607] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2997f59, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1282a2e4, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xd2997f59, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.607] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2997f59, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xd43f7dae, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd43f7dae, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x31c, dwReserved0=0x0, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0211.607] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2997f59, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xd2997f59, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2866c55, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x70a58, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1 [0211.607] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2997f59, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xd2997f59, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2866c55, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x70a58, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0 [0211.607] FindClose (in: hFindFile=0x6012a0 | out: hFindFile=0x6012a0) returned 1 [0211.607] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0211.607] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0211.607] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.607] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", lpFilePart=0x0) returned 0x47 [0211.608] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\*.*" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd70a88f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd70a88f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6011e0 [0211.609] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd70a88f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd70a88f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.609] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd70a88f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xcf2c1ae7, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcf2c1ae7, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x310, dwReserved0=0x0, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0211.610] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd70a88f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xcd70a88f, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd6259c8, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x6f428, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1 [0211.612] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.612] FindClose (in: hFindFile=0x6011e0 | out: hFindFile=0x6011e0) returned 1 [0211.612] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0211.612] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0211.612] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.612] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", lpFilePart=0x0) returned 0x47 [0211.613] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\*" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd70a88f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1282a2e4, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xcd70a88f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6011e0 [0211.613] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd70a88f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1282a2e4, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xcd70a88f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.613] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd70a88f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xcf2c1ae7, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcf2c1ae7, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x310, dwReserved0=0x0, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0211.613] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd70a88f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xcd70a88f, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd6259c8, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x6f428, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1 [0211.613] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd70a88f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xcd70a88f, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd6259c8, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x6f428, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0 [0211.614] FindClose (in: hFindFile=0x6011e0 | out: hFindFile=0x6011e0) returned 1 [0211.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0211.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0211.614] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.614] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", lpFilePart=0x0) returned 0x52 [0211.616] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\*.*" (normalized: "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc901c918, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc9042c04, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6016c0 [0211.616] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc901c918, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc9042c04, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.616] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc9042c04, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc9042c04, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0211.617] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc9042c04, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc9042c04, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0211.617] FindClose (in: hFindFile=0x6016c0 | out: hFindFile=0x6016c0) returned 1 [0211.617] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0211.617] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0211.617] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.617] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", lpFilePart=0x0) returned 0x52 [0211.618] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\*" (normalized: "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc901c918, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128505bf, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc9042c04, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.618] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc901c918, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128505bf, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc9042c04, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.618] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc9042c04, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc9042c04, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0211.618] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.618] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0211.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0211.619] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.619] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages", lpFilePart=0x0) returned 0x5b [0211.619] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\*.*" (normalized: "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc9042c04, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc9042c04, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6011e0 [0211.620] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc9042c04, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc9042c04, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.620] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc9042c04, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc9068e86, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0211.620] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc9042c04, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc9068e86, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0211.620] FindClose (in: hFindFile=0x6011e0 | out: hFindFile=0x6011e0) returned 1 [0211.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb18) returned 1 [0211.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced68) returned 1 [0211.620] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.620] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages", lpFilePart=0x0) returned 0x5b [0211.621] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\*" (normalized: "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc9042c04, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128505bf, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc9042c04, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6012a0 [0211.621] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc9042c04, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128505bf, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc9042c04, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.621] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc9042c04, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc9068e86, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0211.621] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.622] FindClose (in: hFindFile=0x6012a0 | out: hFindFile=0x6012a0) returned 1 [0211.622] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea88) returned 1 [0211.622] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceca8) returned 1 [0211.622] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0211.622] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64", lpFilePart=0x0) returned 0x75 [0211.622] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\*.*" (normalized: "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc9042c04, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc9068e86, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601840 [0211.623] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc9042c04, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc9068e86, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.623] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x18637300, ftCreationTime.dwHighDateTime=0x1ced525, ftLastAccessTime.dwLowDateTime=0xca781a8f, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0x18637300, ftLastWriteTime.dwHighDateTime=0x1ced525, nFileSizeHigh=0x0, nFileSizeLow=0x588124, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0211.624] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb35c4d00, ftCreationTime.dwHighDateTime=0x1ced525, ftLastAccessTime.dwLowDateTime=0xca1d80e0, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xb35c4d00, ftLastWriteTime.dwHighDateTime=0x1ced525, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0211.626] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.626] FindClose (in: hFindFile=0x601840 | out: hFindFile=0x601840) returned 1 [0211.627] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0211.627] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0211.627] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0211.627] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64", lpFilePart=0x0) returned 0x75 [0211.627] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\*" (normalized: "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc9042c04, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128505bf, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc9068e86, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0211.627] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc9042c04, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128505bf, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc9068e86, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.627] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x18637300, ftCreationTime.dwHighDateTime=0x1ced525, ftLastAccessTime.dwLowDateTime=0xca781a8f, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0x18637300, ftLastWriteTime.dwHighDateTime=0x1ced525, nFileSizeHigh=0x0, nFileSizeLow=0x588124, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0211.628] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb35c4d00, ftCreationTime.dwHighDateTime=0x1ced525, ftLastAccessTime.dwLowDateTime=0xca1d80e0, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xb35c4d00, ftLastWriteTime.dwHighDateTime=0x1ced525, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0211.628] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb35c4d00, ftCreationTime.dwHighDateTime=0x1ced525, ftLastAccessTime.dwLowDateTime=0xca1d80e0, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xb35c4d00, ftLastWriteTime.dwHighDateTime=0x1ced525, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0211.628] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0211.628] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0211.628] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0211.628] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.628] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}", lpFilePart=0x0) returned 0x47 [0211.628] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}\\*.*" (normalized: "c:\\users\\all users\\package cache\\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0ba4e22, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe0ba4e22, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6011e0 [0211.630] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0ba4e22, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe0ba4e22, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.630] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0ba4e22, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe22bda6d, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe22bda6d, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x428, dwReserved0=0x0, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0211.630] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0ba4e22, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe0ba4e22, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe066db65, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x9eac8, dwReserved0=0x0, dwReserved1=0x0, cFileName="VC_redist.x86.exe", cAlternateFileName="VC_RED~1.EXE")) returned 1 [0211.630] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.630] FindClose (in: hFindFile=0x6011e0 | out: hFindFile=0x6011e0) returned 1 [0211.630] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0211.630] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0211.630] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.630] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}", lpFilePart=0x0) returned 0x47 [0211.631] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}\\*" (normalized: "c:\\users\\all users\\package cache\\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0ba4e22, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128505bf, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe0ba4e22, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601720 [0211.631] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0ba4e22, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128505bf, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe0ba4e22, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.631] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0ba4e22, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe22bda6d, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe22bda6d, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x428, dwReserved0=0x0, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0211.633] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0ba4e22, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe0ba4e22, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe066db65, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x9eac8, dwReserved0=0x0, dwReserved1=0x0, cFileName="VC_redist.x86.exe", cAlternateFileName="VC_RED~1.EXE")) returned 1 [0211.633] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0ba4e22, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe0ba4e22, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe066db65, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x9eac8, dwReserved0=0x0, dwReserved1=0x0, cFileName="VC_redist.x86.exe", cAlternateFileName="VC_RED~1.EXE")) returned 0 [0211.633] FindClose (in: hFindFile=0x601720 | out: hFindFile=0x601720) returned 1 [0211.633] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0211.633] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0211.633] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.633] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", lpFilePart=0x0) returned 0x52 [0211.633] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\*.*" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2aa300f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2aa300f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601780 [0211.634] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2aa300f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2aa300f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.634] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2aa300f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2aa300f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0211.634] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2aa300f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2aa300f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0211.634] FindClose (in: hFindFile=0x601780 | out: hFindFile=0x601780) returned 1 [0211.634] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0211.634] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0211.634] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.634] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", lpFilePart=0x0) returned 0x52 [0211.635] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\*" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2aa300f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128766f4, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xd2aa300f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601060 [0211.636] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2aa300f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128766f4, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xd2aa300f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.636] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2aa300f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2aa300f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0211.636] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.636] FindClose (in: hFindFile=0x601060 | out: hFindFile=0x601060) returned 1 [0211.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0211.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0211.636] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.636] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages", lpFilePart=0x0) returned 0x5b [0211.636] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\*.*" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2aa300f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2aa300f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.637] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2aa300f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2aa300f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.637] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2aa300f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2b156fd, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0211.637] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2aa300f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2b156fd, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0211.637] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.637] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb18) returned 1 [0211.637] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced68) returned 1 [0211.637] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.637] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages", lpFilePart=0x0) returned 0x5b [0211.638] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\*" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2aa300f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128766f4, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xd2aa300f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6011e0 [0211.638] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2aa300f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128766f4, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xd2aa300f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.638] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2aa300f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2b156fd, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0211.638] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.638] FindClose (in: hFindFile=0x6011e0 | out: hFindFile=0x6011e0) returned 1 [0211.638] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea88) returned 1 [0211.638] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceca8) returned 1 [0211.638] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0211.638] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64", lpFilePart=0x0) returned 0x75 [0211.638] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\*.*" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2aa300f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2b156fd, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601900 [0211.639] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2aa300f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2b156fd, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.639] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecd38c00, ftCreationTime.dwHighDateTime=0x1cf3e26, ftLastAccessTime.dwLowDateTime=0xd3f33377, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xecd38c00, ftLastWriteTime.dwHighDateTime=0x1cf3e26, nFileSizeHigh=0x0, nFileSizeLow=0x554520, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0211.639] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea713200, ftCreationTime.dwHighDateTime=0x1cf3e26, ftLastAccessTime.dwLowDateTime=0xd3a94b2d, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xea713200, ftLastWriteTime.dwHighDateTime=0x1cf3e26, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0211.639] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.639] FindClose (in: hFindFile=0x601900 | out: hFindFile=0x601900) returned 1 [0211.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0211.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0211.639] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0211.639] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64", lpFilePart=0x0) returned 0x75 [0211.640] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\*" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2aa300f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128766f4, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xd2b156fd, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6015a0 [0211.640] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2aa300f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128766f4, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xd2b156fd, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.640] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecd38c00, ftCreationTime.dwHighDateTime=0x1cf3e26, ftLastAccessTime.dwLowDateTime=0xd3f33377, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xecd38c00, ftLastWriteTime.dwHighDateTime=0x1cf3e26, nFileSizeHigh=0x0, nFileSizeLow=0x554520, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0211.640] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea713200, ftCreationTime.dwHighDateTime=0x1cf3e26, ftLastAccessTime.dwLowDateTime=0xd3a94b2d, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xea713200, ftLastWriteTime.dwHighDateTime=0x1cf3e26, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0211.640] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea713200, ftCreationTime.dwHighDateTime=0x1cf3e26, ftLastAccessTime.dwLowDateTime=0xd3a94b2d, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xea713200, ftLastWriteTime.dwHighDateTime=0x1cf3e26, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0211.640] FindClose (in: hFindFile=0x6015a0 | out: hFindFile=0x6015a0) returned 1 [0211.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0211.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0211.641] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.641] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", lpFilePart=0x0) returned 0x52 [0211.641] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\*.*" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd29e4387, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2a569b8, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601060 [0211.641] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd29e4387, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2a569b8, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.641] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2a569b8, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2a569b8, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0211.642] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2a569b8, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2a569b8, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0211.642] FindClose (in: hFindFile=0x601060 | out: hFindFile=0x601060) returned 1 [0211.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0211.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0211.642] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.642] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", lpFilePart=0x0) returned 0x52 [0211.642] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\*" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd29e4387, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128766f4, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xd2a569b8, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601720 [0211.642] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd29e4387, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128766f4, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xd2a569b8, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.642] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2a569b8, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2a569b8, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0211.643] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.643] FindClose (in: hFindFile=0x601720 | out: hFindFile=0x601720) returned 1 [0211.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0211.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0211.643] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.643] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages", lpFilePart=0x0) returned 0x5b [0211.643] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\*.*" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2a569b8, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2a569b8, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.644] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2a569b8, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2a569b8, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.644] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2a569b8, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2aa300f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0211.644] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2a569b8, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2aa300f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0211.644] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb18) returned 1 [0211.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced68) returned 1 [0211.644] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.644] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages", lpFilePart=0x0) returned 0x5b [0211.645] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\*" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2a569b8, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128766f4, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xd2a569b8, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601780 [0211.645] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2a569b8, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128766f4, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xd2a569b8, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.645] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2a569b8, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2aa300f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0211.645] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.645] FindClose (in: hFindFile=0x601780 | out: hFindFile=0x601780) returned 1 [0211.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea88) returned 1 [0211.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceca8) returned 1 [0211.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0211.645] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64", lpFilePart=0x0) returned 0x72 [0211.646] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\*.*" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2a569b8, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2aa300f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6011e0 [0211.646] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2a569b8, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xd2aa300f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.646] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea713200, ftCreationTime.dwHighDateTime=0x1cf3e26, ftLastAccessTime.dwLowDateTime=0xd336db15, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xea713200, ftLastWriteTime.dwHighDateTime=0x1cf3e26, nFileSizeHigh=0x0, nFileSizeLow=0xfc90a, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0211.648] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea713200, ftCreationTime.dwHighDateTime=0x1cf3e26, ftLastAccessTime.dwLowDateTime=0xd3098cbd, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xea713200, ftLastWriteTime.dwHighDateTime=0x1cf3e26, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0211.648] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.648] FindClose (in: hFindFile=0x6011e0 | out: hFindFile=0x6011e0) returned 1 [0211.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0211.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0211.648] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0211.649] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64", lpFilePart=0x0) returned 0x72 [0211.649] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\*" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2a569b8, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1289c888, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xd2aa300f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601600 [0211.649] FindNextFileW (in: hFindFile=0x601600, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd2a569b8, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1289c888, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xd2aa300f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.649] FindNextFileW (in: hFindFile=0x601600, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea713200, ftCreationTime.dwHighDateTime=0x1cf3e26, ftLastAccessTime.dwLowDateTime=0xd336db15, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xea713200, ftLastWriteTime.dwHighDateTime=0x1cf3e26, nFileSizeHigh=0x0, nFileSizeLow=0xfc90a, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0211.649] FindNextFileW (in: hFindFile=0x601600, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea713200, ftCreationTime.dwHighDateTime=0x1cf3e26, ftLastAccessTime.dwLowDateTime=0xd3098cbd, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xea713200, ftLastWriteTime.dwHighDateTime=0x1cf3e26, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0211.649] FindNextFileW (in: hFindFile=0x601600, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea713200, ftCreationTime.dwHighDateTime=0x1cf3e26, ftLastAccessTime.dwLowDateTime=0xd3098cbd, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xea713200, ftLastWriteTime.dwHighDateTime=0x1cf3e26, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0211.649] FindClose (in: hFindFile=0x601600 | out: hFindFile=0x601600) returned 1 [0211.650] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0211.650] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0211.650] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.650] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{AB1BDF73-7393-42CE-812D-9A90918814D5}v14.34.31931", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{AB1BDF73-7393-42CE-812D-9A90918814D5}v14.34.31931", lpFilePart=0x0) returned 0x53 [0211.650] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{AB1BDF73-7393-42CE-812D-9A90918814D5}v14.34.31931\\*.*" (normalized: "c:\\users\\all users\\package cache\\{ab1bdf73-7393-42ce-812d-9a90918814d5}v14.34.31931\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0c1744f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe0c1744f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601960 [0211.650] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0c1744f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe0c1744f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.650] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0c1744f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe0c1744f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0211.650] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0c1744f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe0c1744f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0211.650] FindClose (in: hFindFile=0x601960 | out: hFindFile=0x601960) returned 1 [0211.651] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0211.651] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0211.651] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.651] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{AB1BDF73-7393-42CE-812D-9A90918814D5}v14.34.31931", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{AB1BDF73-7393-42CE-812D-9A90918814D5}v14.34.31931", lpFilePart=0x0) returned 0x53 [0211.651] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{AB1BDF73-7393-42CE-812D-9A90918814D5}v14.34.31931\\*" (normalized: "c:\\users\\all users\\package cache\\{ab1bdf73-7393-42ce-812d-9a90918814d5}v14.34.31931\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0c1744f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1289c888, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe0c1744f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601900 [0211.651] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0c1744f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1289c888, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe0c1744f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.651] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0c1744f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe0c1744f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0211.651] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.651] FindClose (in: hFindFile=0x601900 | out: hFindFile=0x601900) returned 1 [0211.652] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0211.652] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0211.652] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.652] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{AB1BDF73-7393-42CE-812D-9A90918814D5}v14.34.31931\\packages", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{AB1BDF73-7393-42CE-812D-9A90918814D5}v14.34.31931\\packages", lpFilePart=0x0) returned 0x5c [0211.652] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{AB1BDF73-7393-42CE-812D-9A90918814D5}v14.34.31931\\packages\\*.*" (normalized: "c:\\users\\all users\\package cache\\{ab1bdf73-7393-42ce-812d-9a90918814d5}v14.34.31931\\packages\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0c1744f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe0c1744f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0211.652] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0c1744f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe0c1744f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.652] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0c1744f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe0c1744f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0211.652] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0c1744f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe0c1744f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0211.652] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0211.653] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb18) returned 1 [0211.653] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced68) returned 1 [0211.653] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.653] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{AB1BDF73-7393-42CE-812D-9A90918814D5}v14.34.31931\\packages", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{AB1BDF73-7393-42CE-812D-9A90918814D5}v14.34.31931\\packages", lpFilePart=0x0) returned 0x5c [0211.653] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{AB1BDF73-7393-42CE-812D-9A90918814D5}v14.34.31931\\packages\\*" (normalized: "c:\\users\\all users\\package cache\\{ab1bdf73-7393-42ce-812d-9a90918814d5}v14.34.31931\\packages\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0c1744f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1289c888, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe0c1744f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6012a0 [0211.654] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0c1744f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1289c888, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe0c1744f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.654] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0c1744f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe0c1744f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0211.654] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.654] FindClose (in: hFindFile=0x6012a0 | out: hFindFile=0x6012a0) returned 1 [0211.654] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea88) returned 1 [0211.654] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceca8) returned 1 [0211.654] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0211.654] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{AB1BDF73-7393-42CE-812D-9A90918814D5}v14.34.31931\\packages\\vcRuntimeMinimum_x86", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{AB1BDF73-7393-42CE-812D-9A90918814D5}v14.34.31931\\packages\\vcRuntimeMinimum_x86", lpFilePart=0x0) returned 0x71 [0211.654] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{AB1BDF73-7393-42CE-812D-9A90918814D5}v14.34.31931\\packages\\vcRuntimeMinimum_x86\\*.*" (normalized: "c:\\users\\all users\\package cache\\{ab1bdf73-7393-42ce-812d-9a90918814d5}v14.34.31931\\packages\\vcruntimeminimum_x86\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0c1744f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe0c1744f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6011e0 [0211.655] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0c1744f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe0c1744f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.655] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfc18a600, ftCreationTime.dwHighDateTime=0x1d8d904, ftLastAccessTime.dwLowDateTime=0xe142340c, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xfc18a600, ftLastWriteTime.dwHighDateTime=0x1d8d904, nFileSizeHigh=0x0, nFileSizeLow=0xc5c93, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0211.655] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bf76d00, ftCreationTime.dwHighDateTime=0x1d8d905, ftLastAccessTime.dwLowDateTime=0xe119ae15, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0x4bf76d00, ftLastWriteTime.dwHighDateTime=0x1d8d905, nFileSizeHigh=0x0, nFileSizeLow=0x2d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0211.655] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.655] FindClose (in: hFindFile=0x6011e0 | out: hFindFile=0x6011e0) returned 1 [0211.655] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0211.655] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0211.655] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0211.655] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{AB1BDF73-7393-42CE-812D-9A90918814D5}v14.34.31931\\packages\\vcRuntimeMinimum_x86", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{AB1BDF73-7393-42CE-812D-9A90918814D5}v14.34.31931\\packages\\vcRuntimeMinimum_x86", lpFilePart=0x0) returned 0x71 [0211.656] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{AB1BDF73-7393-42CE-812D-9A90918814D5}v14.34.31931\\packages\\vcRuntimeMinimum_x86\\*" (normalized: "c:\\users\\all users\\package cache\\{ab1bdf73-7393-42ce-812d-9a90918814d5}v14.34.31931\\packages\\vcruntimeminimum_x86\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0c1744f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1289c888, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe0c1744f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6011e0 [0211.656] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0c1744f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1289c888, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe0c1744f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.656] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfc18a600, ftCreationTime.dwHighDateTime=0x1d8d904, ftLastAccessTime.dwLowDateTime=0xe142340c, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xfc18a600, ftLastWriteTime.dwHighDateTime=0x1d8d904, nFileSizeHigh=0x0, nFileSizeLow=0xc5c93, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0211.656] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bf76d00, ftCreationTime.dwHighDateTime=0x1d8d905, ftLastAccessTime.dwLowDateTime=0xe119ae15, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0x4bf76d00, ftLastWriteTime.dwHighDateTime=0x1d8d905, nFileSizeHigh=0x0, nFileSizeLow=0x2d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0211.656] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bf76d00, ftCreationTime.dwHighDateTime=0x1d8d905, ftLastAccessTime.dwLowDateTime=0xe119ae15, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0x4bf76d00, ftLastWriteTime.dwHighDateTime=0x1d8d905, nFileSizeHigh=0x0, nFileSizeLow=0x2d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0211.656] FindClose (in: hFindFile=0x6011e0 | out: hFindFile=0x6011e0) returned 1 [0211.656] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0211.656] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0211.656] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.656] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", lpFilePart=0x0) returned 0x52 [0211.657] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\*.*" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7ef624, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd7ef624, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6016c0 [0211.657] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7ef624, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd7ef624, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.657] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7ef624, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd7ef624, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0211.657] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7ef624, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd7ef624, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0211.657] FindClose (in: hFindFile=0x6016c0 | out: hFindFile=0x6016c0) returned 1 [0211.658] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0211.658] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0211.658] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.658] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", lpFilePart=0x0) returned 0x52 [0211.658] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\*" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7ef624, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1289c888, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xcd7ef624, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.658] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7ef624, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1289c888, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xcd7ef624, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.658] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7ef624, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd7ef624, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0211.658] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.658] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.659] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0211.659] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0211.659] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.659] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages", lpFilePart=0x0) returned 0x5b [0211.659] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\*.*" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7ef624, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd7ef624, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6012a0 [0211.660] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7ef624, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd7ef624, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.660] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7ef624, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd83b96a, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0211.660] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7ef624, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd83b96a, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0211.660] FindClose (in: hFindFile=0x6012a0 | out: hFindFile=0x6012a0) returned 1 [0211.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb18) returned 1 [0211.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced68) returned 1 [0211.660] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.660] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages", lpFilePart=0x0) returned 0x5b [0211.660] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\*" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7ef624, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1289c888, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xcd7ef624, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601840 [0211.661] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7ef624, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1289c888, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xcd7ef624, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.661] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7ef624, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd83b96a, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0211.661] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.661] FindClose (in: hFindFile=0x601840 | out: hFindFile=0x601840) returned 1 [0211.662] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea88) returned 1 [0211.662] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceca8) returned 1 [0211.662] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0211.662] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86", lpFilePart=0x0) returned 0x73 [0211.662] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\*.*" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7ef624, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd83b96a, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0211.663] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7ef624, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd83b96a, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.663] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa960e00, ftCreationTime.dwHighDateTime=0x1ced524, ftLastAccessTime.dwLowDateTime=0xcee496b3, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xfa960e00, ftLastWriteTime.dwHighDateTime=0x1ced524, nFileSizeHigh=0x0, nFileSizeLow=0x4ea418, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0211.663] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8210100, ftCreationTime.dwHighDateTime=0x1ced525, ftLastAccessTime.dwLowDateTime=0xce9d102e, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xb8210100, ftLastWriteTime.dwHighDateTime=0x1ced525, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0211.663] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.663] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0211.663] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0211.663] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0211.663] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0211.664] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86", lpFilePart=0x0) returned 0x73 [0211.664] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\*" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7ef624, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128c2b2a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xcd83b96a, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6011e0 [0211.664] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7ef624, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128c2b2a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xcd83b96a, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.664] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa960e00, ftCreationTime.dwHighDateTime=0x1ced524, ftLastAccessTime.dwLowDateTime=0xcee496b3, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xfa960e00, ftLastWriteTime.dwHighDateTime=0x1ced524, nFileSizeHigh=0x0, nFileSizeLow=0x4ea418, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0211.664] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8210100, ftCreationTime.dwHighDateTime=0x1ced525, ftLastAccessTime.dwLowDateTime=0xce9d102e, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xb8210100, ftLastWriteTime.dwHighDateTime=0x1ced525, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0211.664] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8210100, ftCreationTime.dwHighDateTime=0x1ced525, ftLastAccessTime.dwLowDateTime=0xce9d102e, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xb8210100, ftLastWriteTime.dwHighDateTime=0x1ced525, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0211.665] FindClose (in: hFindFile=0x6011e0 | out: hFindFile=0x6011e0) returned 1 [0211.665] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0211.665] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0211.665] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.665] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", lpFilePart=0x0) returned 0x52 [0211.666] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\*.*" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd730a3f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd7c92cf, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0211.667] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd730a3f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd7c92cf, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.667] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7c92cf, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd7c92cf, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0211.667] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7c92cf, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd7c92cf, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0211.667] FindClose (in: hFindFile=0x601360 | out: hFindFile=0x601360) returned 1 [0211.667] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0211.667] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0211.667] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.667] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", lpFilePart=0x0) returned 0x52 [0211.668] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\*" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd730a3f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128c2b2a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xcd7c92cf, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.668] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd730a3f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128c2b2a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xcd7c92cf, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.668] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7c92cf, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd7c92cf, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0211.668] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.668] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.668] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0211.668] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0211.668] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.668] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages", lpFilePart=0x0) returned 0x5b [0211.669] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\*.*" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7c92cf, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd7c92cf, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601a20 [0211.669] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7c92cf, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd7c92cf, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.669] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7c92cf, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd7ef624, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0211.669] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7c92cf, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd7ef624, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0211.670] FindClose (in: hFindFile=0x601a20 | out: hFindFile=0x601a20) returned 1 [0211.670] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb18) returned 1 [0211.670] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced68) returned 1 [0211.670] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.670] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages", lpFilePart=0x0) returned 0x5b [0211.670] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\*" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7c92cf, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128c2b2a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xcd7c92cf, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.671] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7c92cf, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128c2b2a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xcd7c92cf, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.671] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7c92cf, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd7ef624, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0211.671] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.671] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.671] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea88) returned 1 [0211.671] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceca8) returned 1 [0211.671] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0211.671] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86", lpFilePart=0x0) returned 0x70 [0211.672] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\*.*" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7c92cf, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd7ef624, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600c40 [0211.672] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7c92cf, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcd7ef624, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.675] FindClose (in: hFindFile=0x600c40 | out: hFindFile=0x600c40) returned 1 [0211.675] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0211.676] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0211.676] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0211.676] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86", lpFilePart=0x0) returned 0x70 [0211.677] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\*" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd7c92cf, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128c2b2a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xcd7ef624, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0211.677] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0211.677] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0211.678] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0211.678] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.678] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{C2662EFF-06E6-4FD1-9D6D-FDCA91025757}v14.34.31931", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{C2662EFF-06E6-4FD1-9D6D-FDCA91025757}v14.34.31931", lpFilePart=0x0) returned 0x53 [0211.679] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{C2662EFF-06E6-4FD1-9D6D-FDCA91025757}v14.34.31931\\*.*" (normalized: "c:\\users\\all users\\package cache\\{c2662eff-06e6-4fd1-9d6d-fdca91025757}v14.34.31931\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0c1744f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe0c1744f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6016c0 [0211.679] FindClose (in: hFindFile=0x6016c0 | out: hFindFile=0x6016c0) returned 1 [0211.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0211.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0211.679] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.680] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{C2662EFF-06E6-4FD1-9D6D-FDCA91025757}v14.34.31931", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{C2662EFF-06E6-4FD1-9D6D-FDCA91025757}v14.34.31931", lpFilePart=0x0) returned 0x53 [0211.680] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{C2662EFF-06E6-4FD1-9D6D-FDCA91025757}v14.34.31931\\*" (normalized: "c:\\users\\all users\\package cache\\{c2662eff-06e6-4fd1-9d6d-fdca91025757}v14.34.31931\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0c1744f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128e90d3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe0c1744f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600b80 [0211.681] FindClose (in: hFindFile=0x600b80 | out: hFindFile=0x600b80) returned 1 [0211.681] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0211.681] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0211.681] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.681] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{C2662EFF-06E6-4FD1-9D6D-FDCA91025757}v14.34.31931\\packages", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{C2662EFF-06E6-4FD1-9D6D-FDCA91025757}v14.34.31931\\packages", lpFilePart=0x0) returned 0x5c [0211.681] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{C2662EFF-06E6-4FD1-9D6D-FDCA91025757}v14.34.31931\\packages\\*.*" (normalized: "c:\\users\\all users\\package cache\\{c2662eff-06e6-4fd1-9d6d-fdca91025757}v14.34.31931\\packages\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0c1744f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe0c1744f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6016c0 [0211.682] FindClose (in: hFindFile=0x6016c0 | out: hFindFile=0x6016c0) returned 1 [0211.682] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb18) returned 1 [0211.682] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced68) returned 1 [0211.682] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.682] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{C2662EFF-06E6-4FD1-9D6D-FDCA91025757}v14.34.31931\\packages", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{C2662EFF-06E6-4FD1-9D6D-FDCA91025757}v14.34.31931\\packages", lpFilePart=0x0) returned 0x5c [0211.683] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{C2662EFF-06E6-4FD1-9D6D-FDCA91025757}v14.34.31931\\packages\\*" (normalized: "c:\\users\\all users\\package cache\\{c2662eff-06e6-4fd1-9d6d-fdca91025757}v14.34.31931\\packages\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0c1744f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128e90d3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe0c1744f, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601600 [0211.684] FindClose (in: hFindFile=0x601600 | out: hFindFile=0x601600) returned 1 [0211.684] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea88) returned 1 [0211.684] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceca8) returned 1 [0211.684] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0211.684] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{C2662EFF-06E6-4FD1-9D6D-FDCA91025757}v14.34.31931\\packages\\vcRuntimeAdditional_x86", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{C2662EFF-06E6-4FD1-9D6D-FDCA91025757}v14.34.31931\\packages\\vcRuntimeAdditional_x86", lpFilePart=0x0) returned 0x74 [0211.685] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{C2662EFF-06E6-4FD1-9D6D-FDCA91025757}v14.34.31931\\packages\\vcRuntimeAdditional_x86\\*.*" (normalized: "c:\\users\\all users\\package cache\\{c2662eff-06e6-4fd1-9d6d-fdca91025757}v14.34.31931\\packages\\vcruntimeadditional_x86\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0c1744f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe0c3d788, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0211.688] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0211.688] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0211.688] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0211.688] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0211.688] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{C2662EFF-06E6-4FD1-9D6D-FDCA91025757}v14.34.31931\\packages\\vcRuntimeAdditional_x86", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{C2662EFF-06E6-4FD1-9D6D-FDCA91025757}v14.34.31931\\packages\\vcRuntimeAdditional_x86", lpFilePart=0x0) returned 0x74 [0211.689] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{C2662EFF-06E6-4FD1-9D6D-FDCA91025757}v14.34.31931\\packages\\vcRuntimeAdditional_x86\\*" (normalized: "c:\\users\\all users\\package cache\\{c2662eff-06e6-4fd1-9d6d-fdca91025757}v14.34.31931\\packages\\vcruntimeadditional_x86\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0c1744f, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128e90d3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe0c3d788, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601000 [0211.689] FindClose (in: hFindFile=0x601000 | out: hFindFile=0x601000) returned 1 [0211.690] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0211.690] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0211.690] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.690] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", lpFilePart=0x0) returned 0x47 [0211.691] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\*.*" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc8f37ad9, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc8f37ad9, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0211.693] FindClose (in: hFindFile=0x601360 | out: hFindFile=0x601360) returned 1 [0211.693] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0211.694] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0211.694] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.695] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", lpFilePart=0x0) returned 0x47 [0211.695] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\*" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc8f37ad9, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128e90d3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc8f37ad9, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6011e0 [0211.695] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc8f37ad9, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x128e90d3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc8f37ad9, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.695] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8f37ad9, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xcaaa2b44, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xcaaa2b44, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x310, dwReserved0=0x0, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0211.695] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8f37ad9, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xc8f37ad9, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc8e52a30, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x6f398, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1 [0211.696] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8f37ad9, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xc8f37ad9, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc8e52a30, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x6f398, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0 [0211.696] FindClose (in: hFindFile=0x6011e0 | out: hFindFile=0x6011e0) returned 1 [0211.696] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0211.696] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0211.696] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.696] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", lpFilePart=0x0) returned 0x52 [0211.697] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\*.*" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc8f5dcac, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc8ff6722, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6018a0 [0211.697] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc8f5dcac, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc8ff6722, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.698] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc8ff6722, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc8ff6722, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0211.698] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc8ff6722, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc8ff6722, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0211.698] FindClose (in: hFindFile=0x6018a0 | out: hFindFile=0x6018a0) returned 1 [0211.698] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0211.698] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0211.698] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.698] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", lpFilePart=0x0) returned 0x52 [0211.699] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\*" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc8f5dcac, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1290f44a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc8ff6722, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.699] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc8f5dcac, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1290f44a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc8ff6722, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.699] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc8ff6722, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc8ff6722, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0211.699] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.699] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.699] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0211.699] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0211.699] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.699] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages", lpFilePart=0x0) returned 0x5b [0211.700] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\*.*" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc8ff6722, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc8ff6722, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0211.700] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc8ff6722, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc8ff6722, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.700] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc8ff6722, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc901c918, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0211.701] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc8ff6722, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc901c918, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0211.701] FindClose (in: hFindFile=0x601360 | out: hFindFile=0x601360) returned 1 [0211.701] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb18) returned 1 [0211.701] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced68) returned 1 [0211.701] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.701] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages", lpFilePart=0x0) returned 0x5b [0211.701] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\*" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc8ff6722, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1290f44a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc8ff6722, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601780 [0211.702] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc8ff6722, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1290f44a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc8ff6722, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.702] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc8ff6722, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc901c918, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0211.702] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.702] FindClose (in: hFindFile=0x601780 | out: hFindFile=0x601780) returned 1 [0211.702] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea88) returned 1 [0211.702] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceca8) returned 1 [0211.702] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0211.702] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64", lpFilePart=0x0) returned 0x72 [0211.703] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\*.*" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc8ff6722, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc901c918, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.703] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc8ff6722, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xc901c918, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.703] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x681d000, ftCreationTime.dwHighDateTime=0x1ced525, ftLastAccessTime.dwLowDateTime=0xc9ab10e8, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0x681d000, ftLastWriteTime.dwHighDateTime=0x1ced525, nFileSizeHigh=0x0, nFileSizeLow=0xc5b25, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0211.704] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca02a400, ftCreationTime.dwHighDateTime=0x1ced525, ftLastAccessTime.dwLowDateTime=0xc97b6abc, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xca02a400, ftLastWriteTime.dwHighDateTime=0x1ced525, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0211.705] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.705] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0211.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0211.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0211.705] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64", lpFilePart=0x0) returned 0x72 [0211.706] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\*" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc8ff6722, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1290f44a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc901c918, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6012a0 [0211.706] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc8ff6722, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1290f44a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc901c918, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.706] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x681d000, ftCreationTime.dwHighDateTime=0x1ced525, ftLastAccessTime.dwLowDateTime=0xc9ab10e8, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0x681d000, ftLastWriteTime.dwHighDateTime=0x1ced525, nFileSizeHigh=0x0, nFileSizeLow=0xc5b25, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0211.706] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca02a400, ftCreationTime.dwHighDateTime=0x1ced525, ftLastAccessTime.dwLowDateTime=0xc97b6abc, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xca02a400, ftLastWriteTime.dwHighDateTime=0x1ced525, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0211.706] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca02a400, ftCreationTime.dwHighDateTime=0x1ced525, ftLastAccessTime.dwLowDateTime=0xc97b6abc, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xca02a400, ftLastWriteTime.dwHighDateTime=0x1ced525, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0211.706] FindClose (in: hFindFile=0x6012a0 | out: hFindFile=0x6012a0) returned 1 [0211.706] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0211.706] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0211.706] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.706] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF4C347D-954E-4543-88D2-EC17F07F466F}v14.34.31931", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{CF4C347D-954E-4543-88D2-EC17F07F466F}v14.34.31931", lpFilePart=0x0) returned 0x53 [0211.707] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF4C347D-954E-4543-88D2-EC17F07F466F}v14.34.31931\\*.*" (normalized: "c:\\users\\all users\\package cache\\{cf4c347d-954e-4543-88d2-ec17f07f466f}v14.34.31931\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe5482bce, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6018a0 [0211.707] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe5482bce, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.707] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0211.707] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0211.708] FindClose (in: hFindFile=0x6018a0 | out: hFindFile=0x6018a0) returned 1 [0211.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0211.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0211.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.708] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF4C347D-954E-4543-88D2-EC17F07F466F}v14.34.31931", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{CF4C347D-954E-4543-88D2-EC17F07F466F}v14.34.31931", lpFilePart=0x0) returned 0x53 [0211.708] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF4C347D-954E-4543-88D2-EC17F07F466F}v14.34.31931\\*" (normalized: "c:\\users\\all users\\package cache\\{cf4c347d-954e-4543-88d2-ec17f07f466f}v14.34.31931\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe5482bce, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1290f44a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601420 [0211.708] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe5482bce, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x1290f44a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.709] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0211.709] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.709] FindClose (in: hFindFile=0x601420 | out: hFindFile=0x601420) returned 1 [0211.709] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0211.709] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0211.709] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.709] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF4C347D-954E-4543-88D2-EC17F07F466F}v14.34.31931\\packages", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{CF4C347D-954E-4543-88D2-EC17F07F466F}v14.34.31931\\packages", lpFilePart=0x0) returned 0x5c [0211.710] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF4C347D-954E-4543-88D2-EC17F07F466F}v14.34.31931\\packages\\*.*" (normalized: "c:\\users\\all users\\package cache\\{cf4c347d-954e-4543-88d2-ec17f07f466f}v14.34.31931\\packages\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600b80 [0211.710] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.710] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0211.710] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0211.710] FindClose (in: hFindFile=0x600b80 | out: hFindFile=0x600b80) returned 1 [0211.711] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb18) returned 1 [0211.711] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced68) returned 1 [0211.711] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.711] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF4C347D-954E-4543-88D2-EC17F07F466F}v14.34.31931\\packages", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{CF4C347D-954E-4543-88D2-EC17F07F466F}v14.34.31931\\packages", lpFilePart=0x0) returned 0x5c [0211.711] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF4C347D-954E-4543-88D2-EC17F07F466F}v14.34.31931\\packages\\*" (normalized: "c:\\users\\all users\\package cache\\{cf4c347d-954e-4543-88d2-ec17f07f466f}v14.34.31931\\packages\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x12935289, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0211.711] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x12935289, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.711] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0211.711] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.712] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0211.712] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea88) returned 1 [0211.712] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceca8) returned 1 [0211.713] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0211.713] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF4C347D-954E-4543-88D2-EC17F07F466F}v14.34.31931\\packages\\vcRuntimeMinimum_amd64", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{CF4C347D-954E-4543-88D2-EC17F07F466F}v14.34.31931\\packages\\vcRuntimeMinimum_amd64", lpFilePart=0x0) returned 0x73 [0211.713] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF4C347D-954E-4543-88D2-EC17F07F466F}v14.34.31931\\packages\\vcRuntimeMinimum_amd64\\*.*" (normalized: "c:\\users\\all users\\package cache\\{cf4c347d-954e-4543-88d2-ec17f07f466f}v14.34.31931\\packages\\vcruntimeminimum_amd64\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601960 [0211.714] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.714] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2785e00, ftCreationTime.dwHighDateTime=0x1d8d906, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe2785e00, ftLastWriteTime.dwHighDateTime=0x1d8d906, nFileSizeHigh=0x0, nFileSizeLow=0xe497c, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0211.714] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f445500, ftCreationTime.dwHighDateTime=0x1d8d907, ftLastAccessTime.dwLowDateTime=0xe5482bce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0x1f445500, ftLastWriteTime.dwHighDateTime=0x1d8d907, nFileSizeHigh=0x0, nFileSizeLow=0x2d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0211.714] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.714] FindClose (in: hFindFile=0x601960 | out: hFindFile=0x601960) returned 1 [0211.714] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0211.714] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0211.714] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0211.714] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF4C347D-954E-4543-88D2-EC17F07F466F}v14.34.31931\\packages\\vcRuntimeMinimum_amd64", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{CF4C347D-954E-4543-88D2-EC17F07F466F}v14.34.31931\\packages\\vcRuntimeMinimum_amd64", lpFilePart=0x0) returned 0x73 [0211.715] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF4C347D-954E-4543-88D2-EC17F07F466F}v14.34.31931\\packages\\vcRuntimeMinimum_amd64\\*" (normalized: "c:\\users\\all users\\package cache\\{cf4c347d-954e-4543-88d2-ec17f07f466f}v14.34.31931\\packages\\vcruntimeminimum_amd64\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x12935289, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601720 [0211.715] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x12935289, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.715] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2785e00, ftCreationTime.dwHighDateTime=0x1d8d906, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe2785e00, ftLastWriteTime.dwHighDateTime=0x1d8d906, nFileSizeHigh=0x0, nFileSizeLow=0xe497c, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0211.715] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f445500, ftCreationTime.dwHighDateTime=0x1d8d907, ftLastAccessTime.dwLowDateTime=0xe5482bce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0x1f445500, ftLastWriteTime.dwHighDateTime=0x1d8d907, nFileSizeHigh=0x0, nFileSizeLow=0x2d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0211.715] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f445500, ftCreationTime.dwHighDateTime=0x1d8d907, ftLastAccessTime.dwLowDateTime=0xe5482bce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0x1f445500, ftLastWriteTime.dwHighDateTime=0x1d8d907, nFileSizeHigh=0x0, nFileSizeLow=0x2d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0211.715] FindClose (in: hFindFile=0x601720 | out: hFindFile=0x601720) returned 1 [0211.715] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0211.715] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0211.716] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.716] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{d4cecf3b-b68f-4995-8840-52ea0fab646e}", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{d4cecf3b-b68f-4995-8840-52ea0fab646e}", lpFilePart=0x0) returned 0x47 [0211.716] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\\*.*" (normalized: "c:\\users\\all users\\package cache\\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe53ea2ce, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe53ea2ce, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6010c0 [0211.716] FindNextFileW (in: hFindFile=0x6010c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe53ea2ce, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe53ea2ce, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.716] FindNextFileW (in: hFindFile=0x6010c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe53ea2ce, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe6fedaba, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe6fedaba, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x42c, dwReserved0=0x0, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0211.716] FindNextFileW (in: hFindFile=0x6010c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe53ea2ce, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe4f4b96a, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x9ed48, dwReserved0=0x0, dwReserved1=0x0, cFileName="VC_redist.x64.exe", cAlternateFileName="VC_RED~1.EXE")) returned 1 [0211.717] FindNextFileW (in: hFindFile=0x6010c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.717] FindClose (in: hFindFile=0x6010c0 | out: hFindFile=0x6010c0) returned 1 [0211.717] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0211.717] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0211.717] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.717] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{d4cecf3b-b68f-4995-8840-52ea0fab646e}", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{d4cecf3b-b68f-4995-8840-52ea0fab646e}", lpFilePart=0x0) returned 0x47 [0211.717] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\\*" (normalized: "c:\\users\\all users\\package cache\\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe53ea2ce, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x12935289, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe53ea2ce, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0211.718] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe53ea2ce, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x12935289, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe53ea2ce, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.718] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe53ea2ce, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe6fedaba, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe6fedaba, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x42c, dwReserved0=0x0, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0211.718] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe53ea2ce, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe4f4b96a, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x9ed48, dwReserved0=0x0, dwReserved1=0x0, cFileName="VC_redist.x64.exe", cAlternateFileName="VC_RED~1.EXE")) returned 1 [0211.718] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe53ea2ce, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe53ea2ce, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe4f4b96a, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x9ed48, dwReserved0=0x0, dwReserved1=0x0, cFileName="VC_redist.x64.exe", cAlternateFileName="VC_RED~1.EXE")) returned 0 [0211.718] FindClose (in: hFindFile=0x601360 | out: hFindFile=0x601360) returned 1 [0211.718] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0211.718] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0211.718] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.718] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}v14.34.31931", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}v14.34.31931", lpFilePart=0x0) returned 0x53 [0211.719] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}v14.34.31931\\*.*" (normalized: "c:\\users\\all users\\package cache\\{eae242b1-0a26-485a-bfeb-0292ee9f03cb}v14.34.31931\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600b80 [0211.720] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.720] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0211.720] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0211.720] FindClose (in: hFindFile=0x600b80 | out: hFindFile=0x600b80) returned 1 [0211.720] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0211.720] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0211.720] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.720] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}v14.34.31931", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}v14.34.31931", lpFilePart=0x0) returned 0x53 [0211.720] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}v14.34.31931\\*" (normalized: "c:\\users\\all users\\package cache\\{eae242b1-0a26-485a-bfeb-0292ee9f03cb}v14.34.31931\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x12935289, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600c40 [0211.721] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x12935289, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.721] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0211.721] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.721] FindClose (in: hFindFile=0x600c40 | out: hFindFile=0x600c40) returned 1 [0211.721] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0211.721] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0211.721] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.721] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}v14.34.31931\\packages", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}v14.34.31931\\packages", lpFilePart=0x0) returned 0x5c [0211.722] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}v14.34.31931\\packages\\*.*" (normalized: "c:\\users\\all users\\package cache\\{eae242b1-0a26-485a-bfeb-0292ee9f03cb}v14.34.31931\\packages\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601900 [0211.722] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.722] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54cf01b, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54cf01b, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0211.722] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54cf01b, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54cf01b, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0211.722] FindClose (in: hFindFile=0x601900 | out: hFindFile=0x601900) returned 1 [0211.722] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb18) returned 1 [0211.722] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced68) returned 1 [0211.722] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.722] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}v14.34.31931\\packages", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}v14.34.31931\\packages", lpFilePart=0x0) returned 0x5c [0211.723] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}v14.34.31931\\packages\\*" (normalized: "c:\\users\\all users\\package cache\\{eae242b1-0a26-485a-bfeb-0292ee9f03cb}v14.34.31931\\packages\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x12935289, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6017e0 [0211.723] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x12935289, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe54a8d97, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.723] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54cf01b, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54cf01b, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0211.723] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.723] FindClose (in: hFindFile=0x6017e0 | out: hFindFile=0x6017e0) returned 1 [0211.723] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea88) returned 1 [0211.723] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceca8) returned 1 [0211.723] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0211.723] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}v14.34.31931\\packages\\vcRuntimeAdditional_amd64", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}v14.34.31931\\packages\\vcRuntimeAdditional_amd64", lpFilePart=0x0) returned 0x76 [0211.724] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}v14.34.31931\\packages\\vcRuntimeAdditional_amd64\\*.*" (normalized: "c:\\users\\all users\\package cache\\{eae242b1-0a26-485a-bfeb-0292ee9f03cb}v14.34.31931\\packages\\vcruntimeadditional_amd64\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54cf01b, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54cf01b, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601720 [0211.724] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xe54cf01b, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xe54cf01b, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.724] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5adf1f00, ftCreationTime.dwHighDateTime=0x1d8d907, ftLastAccessTime.dwLowDateTime=0xe54cf01b, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0x5adf1f00, ftLastWriteTime.dwHighDateTime=0x1d8d907, nFileSizeHigh=0x0, nFileSizeLow=0x56da59, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0211.724] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad204000, ftCreationTime.dwHighDateTime=0x1d8d907, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xad204000, ftLastWriteTime.dwHighDateTime=0x1d8d907, nFileSizeHigh=0x0, nFileSizeLow=0x2d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0211.725] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.725] FindClose (in: hFindFile=0x601720 | out: hFindFile=0x601720) returned 1 [0211.726] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0211.726] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0211.726] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0211.726] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}v14.34.31931\\packages\\vcRuntimeAdditional_amd64", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}v14.34.31931\\packages\\vcRuntimeAdditional_amd64", lpFilePart=0x0) returned 0x76 [0211.726] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}v14.34.31931\\packages\\vcRuntimeAdditional_amd64\\*" (normalized: "c:\\users\\all users\\package cache\\{eae242b1-0a26-485a-bfeb-0292ee9f03cb}v14.34.31931\\packages\\vcruntimeadditional_amd64\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x12935289, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe54cf01b, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6011e0 [0211.726] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe54a8d97, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x12935289, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe54cf01b, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.727] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5adf1f00, ftCreationTime.dwHighDateTime=0x1d8d907, ftLastAccessTime.dwLowDateTime=0xe54cf01b, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0x5adf1f00, ftLastWriteTime.dwHighDateTime=0x1d8d907, nFileSizeHigh=0x0, nFileSizeLow=0x56da59, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0211.727] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad204000, ftCreationTime.dwHighDateTime=0x1d8d907, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xad204000, ftLastWriteTime.dwHighDateTime=0x1d8d907, nFileSizeHigh=0x0, nFileSizeLow=0x2d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0211.727] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad204000, ftCreationTime.dwHighDateTime=0x1d8d907, ftLastAccessTime.dwLowDateTime=0xe54a8d97, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0xad204000, ftLastWriteTime.dwHighDateTime=0x1d8d907, nFileSizeHigh=0x0, nFileSizeLow=0x2d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0211.727] FindClose (in: hFindFile=0x6011e0 | out: hFindFile=0x6011e0) returned 1 [0211.727] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0211.727] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0211.727] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.727] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages", lpFilePart=0x0) returned 0x1b [0211.727] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\*.*" (normalized: "c:\\users\\all users\\packages\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x61503b66, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x732d3946, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x85ecf2af, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600d60 [0211.740] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x61503b66, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x732d3946, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x85ecf2af, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.740] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x61503b66, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x61503b66, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x61503b66, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.549981C3F5F10_8wekyb3d8bbwe", cAlternateFileName="MICROS~1.549")) returned 1 [0211.740] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86614aba, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x86614aba, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x86614aba, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.DesktopAppInstaller_8wekyb3d8bbwe", cAlternateFileName="MICROS~1.DES")) returned 1 [0211.740] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7638d93d, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x7638d93d, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x7638d93d, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Getstarted_8wekyb3d8bbwe", cAlternateFileName="MICROS~1.GET")) returned 1 [0211.740] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x732d3946, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x732d3946, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x732d3946, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Microsoft3DViewer_8wekyb3d8bbwe", cAlternateFileName="MICROS~2.MIC")) returned 1 [0211.740] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ecf2af, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x85ecf2af, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x85ecf2af, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe", cAlternateFileName="MICROS~1.STA")) returned 1 [0211.740] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6fdc71be, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x6fdc71be, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x6fdc71be, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe", cAlternateFileName="MICROS~1.MIC")) returned 1 [0211.740] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x53ebe4ca, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x53ebe4ca, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x53ebe4ca, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.MixedReality.Portal_8wekyb3d8bbwe", cAlternateFileName="MICROS~1.POR")) returned 1 [0211.741] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x497a0797, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x497a0797, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x497a0797, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Office.OneNote_8wekyb3d8bbwe", cAlternateFileName="MICROS~1.ONE")) returned 1 [0211.741] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f64b2b7, ftCreationTime.dwHighDateTime=0x1d94212, ftLastAccessTime.dwLowDateTime=0x2f64b2b7, ftLastAccessTime.dwHighDateTime=0x1d94212, ftLastWriteTime.dwLowDateTime=0x2f64b2b7, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.SkypeApp_kzf8qxf38zg5c", cAlternateFileName="MICROS~1.SKY")) returned 1 [0211.741] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f64b2b7, ftCreationTime.dwHighDateTime=0x1d94212, ftLastAccessTime.dwLowDateTime=0x2f64b2b7, ftLastAccessTime.dwHighDateTime=0x1d94212, ftLastWriteTime.dwLowDateTime=0x2f64b2b7, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.SkypeApp_kzf8qxf38zg5c", cAlternateFileName="MICROS~1.SKY")) returned 0 [0211.741] FindClose (in: hFindFile=0x600d60 | out: hFindFile=0x600d60) returned 1 [0211.742] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0211.742] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0211.742] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.743] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages", lpFilePart=0x0) returned 0x1b [0211.743] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\*" (normalized: "c:\\users\\all users\\packages\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x61503b66, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x129816e3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x85ecf2af, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6015a0 [0211.744] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x61503b66, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x129816e3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x85ecf2af, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.744] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x61503b66, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x61503b66, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x61503b66, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.549981C3F5F10_8wekyb3d8bbwe", cAlternateFileName="MICROS~1.549")) returned 1 [0211.744] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86614aba, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x86614aba, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x86614aba, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.DesktopAppInstaller_8wekyb3d8bbwe", cAlternateFileName="MICROS~1.DES")) returned 1 [0211.744] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7638d93d, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x7638d93d, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x7638d93d, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Getstarted_8wekyb3d8bbwe", cAlternateFileName="MICROS~1.GET")) returned 1 [0211.744] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x732d3946, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x732d3946, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x732d3946, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Microsoft3DViewer_8wekyb3d8bbwe", cAlternateFileName="MICROS~2.MIC")) returned 1 [0211.745] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ecf2af, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x85ecf2af, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x85ecf2af, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe", cAlternateFileName="MICROS~1.STA")) returned 1 [0211.745] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6fdc71be, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x6fdc71be, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x6fdc71be, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe", cAlternateFileName="MICROS~1.MIC")) returned 1 [0211.745] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x53ebe4ca, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x53ebe4ca, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x53ebe4ca, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.MixedReality.Portal_8wekyb3d8bbwe", cAlternateFileName="MICROS~1.POR")) returned 1 [0211.745] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x497a0797, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x497a0797, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x497a0797, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Office.OneNote_8wekyb3d8bbwe", cAlternateFileName="MICROS~1.ONE")) returned 1 [0211.745] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f64b2b7, ftCreationTime.dwHighDateTime=0x1d94212, ftLastAccessTime.dwLowDateTime=0x2f64b2b7, ftLastAccessTime.dwHighDateTime=0x1d94212, ftLastWriteTime.dwLowDateTime=0x2f64b2b7, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.SkypeApp_kzf8qxf38zg5c", cAlternateFileName="MICROS~1.SKY")) returned 1 [0211.745] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.745] FindClose (in: hFindFile=0x6015a0 | out: hFindFile=0x6015a0) returned 1 [0211.746] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0211.746] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0211.746] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.746] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.549981C3F5F10_8wekyb3d8bbwe", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.549981C3F5F10_8wekyb3d8bbwe", lpFilePart=0x0) returned 0x41 [0211.746] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.549981C3F5F10_8wekyb3d8bbwe\\*.*" (normalized: "c:\\users\\all users\\packages\\microsoft.549981c3f5f10_8wekyb3d8bbwe\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x61503b66, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x61503b66, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x61503b66, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.748] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x61503b66, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x61503b66, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x61503b66, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.748] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x61503b66, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x42fd05da, ftLastAccessTime.dwHighDateTime=0x1d94212, ftLastWriteTime.dwLowDateTime=0x61503b66, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0211.748] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x61503b66, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x42fd05da, ftLastAccessTime.dwHighDateTime=0x1d94212, ftLastWriteTime.dwLowDateTime=0x61503b66, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 0 [0211.748] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.748] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0211.748] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0211.748] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.748] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.549981C3F5F10_8wekyb3d8bbwe", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.549981C3F5F10_8wekyb3d8bbwe", lpFilePart=0x0) returned 0x41 [0211.749] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.549981C3F5F10_8wekyb3d8bbwe\\*" (normalized: "c:\\users\\all users\\packages\\microsoft.549981c3f5f10_8wekyb3d8bbwe\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x61503b66, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x129816e3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x61503b66, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.749] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x61503b66, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x129816e3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x61503b66, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.749] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x61503b66, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x42fd05da, ftLastAccessTime.dwHighDateTime=0x1d94212, ftLastWriteTime.dwLowDateTime=0x61503b66, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0211.750] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.750] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0211.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0211.750] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.750] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.549981C3F5F10_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.549981C3F5F10_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", lpFilePart=0x0) returned 0x6f [0211.750] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.549981C3F5F10_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000\\*.*" (normalized: "c:\\users\\all users\\packages\\microsoft.549981c3f5f10_8wekyb3d8bbwe\\s-1-5-21-245394380-2276627025-4024548581-1000\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x61503b66, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x42fd05da, ftLastAccessTime.dwHighDateTime=0x1d94212, ftLastWriteTime.dwLowDateTime=0x42fd05da, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0211.750] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x61503b66, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x42fd05da, ftLastAccessTime.dwHighDateTime=0x1d94212, ftLastWriteTime.dwLowDateTime=0x42fd05da, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.750] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x61503b66, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x42fd05da, ftLastAccessTime.dwHighDateTime=0x1d94212, ftLastWriteTime.dwLowDateTime=0x42fd05da, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.751] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0211.751] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb18) returned 1 [0211.751] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced68) returned 1 [0211.751] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.549981C3F5F10_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.549981C3F5F10_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", lpFilePart=0x0) returned 0x6f [0211.751] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.549981C3F5F10_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000\\*" (normalized: "c:\\users\\all users\\packages\\microsoft.549981c3f5f10_8wekyb3d8bbwe\\s-1-5-21-245394380-2276627025-4024548581-1000\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x61503b66, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x129816e3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x42fd05da, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601a20 [0211.751] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x61503b66, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x129816e3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x42fd05da, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.751] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x61503b66, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x129816e3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x42fd05da, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.751] FindClose (in: hFindFile=0x601a20 | out: hFindFile=0x601a20) returned 1 [0211.752] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe", lpFilePart=0x0) returned 0x47 [0211.752] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\\*.*" (normalized: "c:\\users\\all users\\packages\\microsoft.desktopappinstaller_8wekyb3d8bbwe\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86614aba, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x86614aba, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x86614aba, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601900 [0211.752] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86614aba, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x86614aba, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x86614aba, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.752] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86614aba, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x521f554e, ftLastAccessTime.dwHighDateTime=0x1d94212, ftLastWriteTime.dwLowDateTime=0x86614aba, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0211.752] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86614aba, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x521f554e, ftLastAccessTime.dwHighDateTime=0x1d94212, ftLastWriteTime.dwLowDateTime=0x86614aba, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 0 [0211.752] FindClose (in: hFindFile=0x601900 | out: hFindFile=0x601900) returned 1 [0211.752] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe", lpFilePart=0x0) returned 0x47 [0211.753] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\\*" (normalized: "c:\\users\\all users\\packages\\microsoft.desktopappinstaller_8wekyb3d8bbwe\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86614aba, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x129816e3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x86614aba, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6011e0 [0211.753] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86614aba, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x129816e3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x86614aba, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.753] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86614aba, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x521f554e, ftLastAccessTime.dwHighDateTime=0x1d94212, ftLastWriteTime.dwLowDateTime=0x86614aba, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0211.753] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.753] FindClose (in: hFindFile=0x6011e0 | out: hFindFile=0x6011e0) returned 1 [0211.753] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", lpFilePart=0x0) returned 0x75 [0211.754] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000\\*.*" (normalized: "c:\\users\\all users\\packages\\microsoft.desktopappinstaller_8wekyb3d8bbwe\\s-1-5-21-245394380-2276627025-4024548581-1000\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86614aba, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x521f554e, ftLastAccessTime.dwHighDateTime=0x1d94212, ftLastWriteTime.dwLowDateTime=0x521f554e, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6011e0 [0211.754] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86614aba, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x521f554e, ftLastAccessTime.dwHighDateTime=0x1d94212, ftLastWriteTime.dwLowDateTime=0x521f554e, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.754] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86614aba, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x521f554e, ftLastAccessTime.dwHighDateTime=0x1d94212, ftLastWriteTime.dwLowDateTime=0x521f554e, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.754] FindClose (in: hFindFile=0x6011e0 | out: hFindFile=0x6011e0) returned 1 [0211.754] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", lpFilePart=0x0) returned 0x75 [0211.755] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000\\*" (normalized: "c:\\users\\all users\\packages\\microsoft.desktopappinstaller_8wekyb3d8bbwe\\s-1-5-21-245394380-2276627025-4024548581-1000\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86614aba, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x129816e3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x521f554e, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.755] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86614aba, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x129816e3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x521f554e, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.755] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86614aba, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x129816e3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x521f554e, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.755] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.755] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.Getstarted_8wekyb3d8bbwe", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.Getstarted_8wekyb3d8bbwe", lpFilePart=0x0) returned 0x3e [0211.756] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.Getstarted_8wekyb3d8bbwe\\*.*" (normalized: "c:\\users\\all users\\packages\\microsoft.getstarted_8wekyb3d8bbwe\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7638d93d, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x7638d93d, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x7638d93d, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6012a0 [0211.758] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7638d93d, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x7638d93d, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x7638d93d, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.758] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7638d93d, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x7638d93d, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x7638d93d, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0211.758] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7638d93d, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x7638d93d, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x7638d93d, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 0 [0211.758] FindClose (in: hFindFile=0x6012a0 | out: hFindFile=0x6012a0) returned 1 [0211.759] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.Getstarted_8wekyb3d8bbwe", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.Getstarted_8wekyb3d8bbwe", lpFilePart=0x0) returned 0x3e [0211.759] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.Getstarted_8wekyb3d8bbwe\\*" (normalized: "c:\\users\\all users\\packages\\microsoft.getstarted_8wekyb3d8bbwe\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7638d93d, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x129a788b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x7638d93d, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601000 [0211.759] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7638d93d, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x129a788b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x7638d93d, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.759] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7638d93d, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x7638d93d, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x7638d93d, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0211.760] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.760] FindClose (in: hFindFile=0x601000 | out: hFindFile=0x601000) returned 1 [0211.760] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.Getstarted_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.Getstarted_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", lpFilePart=0x0) returned 0x6c [0211.760] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.Getstarted_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000\\*.*" (normalized: "c:\\users\\all users\\packages\\microsoft.getstarted_8wekyb3d8bbwe\\s-1-5-21-245394380-2276627025-4024548581-1000\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7638d93d, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x7638d93d, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x6c9b8f1f, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6016c0 [0211.761] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7638d93d, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x7638d93d, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x6c9b8f1f, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.761] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7638d93d, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x7638d93d, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x6c9b8f1f, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.761] FindClose (in: hFindFile=0x6016c0 | out: hFindFile=0x6016c0) returned 1 [0211.761] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.Getstarted_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.Getstarted_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", lpFilePart=0x0) returned 0x6c [0211.762] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.Getstarted_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000\\*" (normalized: "c:\\users\\all users\\packages\\microsoft.getstarted_8wekyb3d8bbwe\\s-1-5-21-245394380-2276627025-4024548581-1000\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7638d93d, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x129a788b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x6c9b8f1f, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6018a0 [0211.762] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7638d93d, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x129a788b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x6c9b8f1f, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.762] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7638d93d, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x129a788b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x6c9b8f1f, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.762] FindClose (in: hFindFile=0x6018a0 | out: hFindFile=0x6018a0) returned 1 [0211.762] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe", lpFilePart=0x0) returned 0x45 [0211.763] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\\*.*" (normalized: "c:\\users\\all users\\packages\\microsoft.microsoft3dviewer_8wekyb3d8bbwe\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x732d3946, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x732d3946, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x732d3946, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601720 [0211.764] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x732d3946, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x732d3946, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x732d3946, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.764] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x732d3946, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x732d3946, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x732d3946, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0211.764] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x732d3946, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x732d3946, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x732d3946, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 0 [0211.764] FindClose (in: hFindFile=0x601720 | out: hFindFile=0x601720) returned 1 [0211.765] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe", lpFilePart=0x0) returned 0x45 [0211.765] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\\*" (normalized: "c:\\users\\all users\\packages\\microsoft.microsoft3dviewer_8wekyb3d8bbwe\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x732d3946, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x129a788b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x732d3946, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600d00 [0211.765] FindNextFileW (in: hFindFile=0x600d00, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x732d3946, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x129a788b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x732d3946, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.766] FindNextFileW (in: hFindFile=0x600d00, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x732d3946, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x732d3946, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x732d3946, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0211.766] FindNextFileW (in: hFindFile=0x600d00, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.766] FindClose (in: hFindFile=0x600d00 | out: hFindFile=0x600d00) returned 1 [0211.766] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", lpFilePart=0x0) returned 0x73 [0211.766] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000\\*.*" (normalized: "c:\\users\\all users\\packages\\microsoft.microsoft3dviewer_8wekyb3d8bbwe\\s-1-5-21-245394380-2276627025-4024548581-1000\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x732d3946, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x732d3946, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x6e713e6e, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601a20 [0211.767] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x732d3946, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x732d3946, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x6e713e6e, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.767] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x732d3946, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x732d3946, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x6e713e6e, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.767] FindClose (in: hFindFile=0x601a20 | out: hFindFile=0x601a20) returned 1 [0211.767] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", lpFilePart=0x0) returned 0x73 [0211.768] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000\\*" (normalized: "c:\\users\\all users\\packages\\microsoft.microsoft3dviewer_8wekyb3d8bbwe\\s-1-5-21-245394380-2276627025-4024548581-1000\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x732d3946, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x129a788b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x6e713e6e, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.768] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x732d3946, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x129a788b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x6e713e6e, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.768] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x732d3946, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x129a788b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x6e713e6e, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.768] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.768] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe", lpFilePart=0x0) returned 0x48 [0211.769] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\\*.*" (normalized: "c:\\users\\all users\\packages\\microsoft.microsoftedge.stable_8wekyb3d8bbwe\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ecf2af, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x85ecf2af, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x85ecf2af, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601420 [0211.769] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ecf2af, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x85ecf2af, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x85ecf2af, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.769] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ecf2af, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x85ecf2af, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x85ecf2af, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0211.769] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ecf2af, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x85ecf2af, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x85ecf2af, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 0 [0211.769] FindClose (in: hFindFile=0x601420 | out: hFindFile=0x601420) returned 1 [0211.770] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe", lpFilePart=0x0) returned 0x48 [0211.771] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\\*" (normalized: "c:\\users\\all users\\packages\\microsoft.microsoftedge.stable_8wekyb3d8bbwe\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ecf2af, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x129a788b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x85ecf2af, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6016c0 [0211.771] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ecf2af, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x129a788b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x85ecf2af, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.771] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ecf2af, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x85ecf2af, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x85ecf2af, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0211.771] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.771] FindClose (in: hFindFile=0x6016c0 | out: hFindFile=0x6016c0) returned 1 [0211.771] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", lpFilePart=0x0) returned 0x76 [0211.772] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000\\*.*" (normalized: "c:\\users\\all users\\packages\\microsoft.microsoftedge.stable_8wekyb3d8bbwe\\s-1-5-21-245394380-2276627025-4024548581-1000\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ecf2af, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x85ecf2af, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x82f59a77, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6018a0 [0211.773] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ecf2af, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x85ecf2af, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x82f59a77, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.773] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ecf2af, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x85ecf2af, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x82f59a77, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.773] FindClose (in: hFindFile=0x6018a0 | out: hFindFile=0x6018a0) returned 1 [0211.773] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", lpFilePart=0x0) returned 0x76 [0211.774] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000\\*" (normalized: "c:\\users\\all users\\packages\\microsoft.microsoftedge.stable_8wekyb3d8bbwe\\s-1-5-21-245394380-2276627025-4024548581-1000\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ecf2af, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x129cdade, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x82f59a77, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601840 [0211.774] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ecf2af, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x129cdade, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x82f59a77, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.774] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ecf2af, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x129cdade, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x82f59a77, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.774] FindClose (in: hFindFile=0x601840 | out: hFindFile=0x601840) returned 1 [0211.775] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe", lpFilePart=0x0) returned 0x46 [0211.776] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\\*.*" (normalized: "c:\\users\\all users\\packages\\microsoft.microsoftofficehub_8wekyb3d8bbwe\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6fdc71be, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x6fdc71be, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x6fdc71be, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601a20 [0211.777] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6fdc71be, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x6fdc71be, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x6fdc71be, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.777] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6fdc71be, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x6fdc71be, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x6fdc71be, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0211.777] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6fdc71be, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x6fdc71be, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x6fdc71be, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 0 [0211.777] FindClose (in: hFindFile=0x601a20 | out: hFindFile=0x601a20) returned 1 [0211.777] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe", lpFilePart=0x0) returned 0x46 [0211.778] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\\*" (normalized: "c:\\users\\all users\\packages\\microsoft.microsoftofficehub_8wekyb3d8bbwe\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6fdc71be, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x129cdade, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x6fdc71be, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601000 [0211.778] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6fdc71be, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x129cdade, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x6fdc71be, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.778] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6fdc71be, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x6fdc71be, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x6fdc71be, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0211.779] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.779] FindClose (in: hFindFile=0x601000 | out: hFindFile=0x601000) returned 1 [0211.779] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", lpFilePart=0x0) returned 0x74 [0211.780] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000\\*.*" (normalized: "c:\\users\\all users\\packages\\microsoft.microsoftofficehub_8wekyb3d8bbwe\\s-1-5-21-245394380-2276627025-4024548581-1000\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6fdc71be, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x6fdc71be, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x6fae5537, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6011e0 [0211.781] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6fdc71be, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x6fdc71be, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x6fae5537, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.781] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6fdc71be, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x6fdc71be, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x6fae5537, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.781] FindClose (in: hFindFile=0x6011e0 | out: hFindFile=0x6011e0) returned 1 [0211.781] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", lpFilePart=0x0) returned 0x74 [0211.782] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000\\*" (normalized: "c:\\users\\all users\\packages\\microsoft.microsoftofficehub_8wekyb3d8bbwe\\s-1-5-21-245394380-2276627025-4024548581-1000\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6fdc71be, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x129cdade, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x6fae5537, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6011e0 [0211.782] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6fdc71be, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x129cdade, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x6fae5537, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.782] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6fdc71be, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x129cdade, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x6fae5537, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.782] FindClose (in: hFindFile=0x6011e0 | out: hFindFile=0x6011e0) returned 1 [0211.783] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.MixedReality.Portal_8wekyb3d8bbwe", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.MixedReality.Portal_8wekyb3d8bbwe", lpFilePart=0x0) returned 0x47 [0211.783] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\\*.*" (normalized: "c:\\users\\all users\\packages\\microsoft.mixedreality.portal_8wekyb3d8bbwe\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x53ebe4ca, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x53ebe4ca, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x53ebe4ca, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6016c0 [0211.784] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x53ebe4ca, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x53ebe4ca, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x53ebe4ca, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.784] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x53ebe4ca, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x53ebe4ca, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x53ebe4ca, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0211.784] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x53ebe4ca, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x53ebe4ca, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x53ebe4ca, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 0 [0211.784] FindClose (in: hFindFile=0x6016c0 | out: hFindFile=0x6016c0) returned 1 [0211.784] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.MixedReality.Portal_8wekyb3d8bbwe", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.MixedReality.Portal_8wekyb3d8bbwe", lpFilePart=0x0) returned 0x47 [0211.785] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\\*" (normalized: "c:\\users\\all users\\packages\\microsoft.mixedreality.portal_8wekyb3d8bbwe\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x53ebe4ca, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x129cdade, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x53ebe4ca, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600c40 [0211.785] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x53ebe4ca, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x129cdade, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x53ebe4ca, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.785] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x53ebe4ca, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x53ebe4ca, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x53ebe4ca, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0211.785] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.785] FindClose (in: hFindFile=0x600c40 | out: hFindFile=0x600c40) returned 1 [0211.785] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", lpFilePart=0x0) returned 0x75 [0211.786] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000\\*.*" (normalized: "c:\\users\\all users\\packages\\microsoft.mixedreality.portal_8wekyb3d8bbwe\\s-1-5-21-245394380-2276627025-4024548581-1000\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x53ebe4ca, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x53ebe4ca, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x72bebcbc, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.786] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x53ebe4ca, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x53ebe4ca, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x72bebcbc, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.786] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x53ebe4ca, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x53ebe4ca, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x72bebcbc, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.786] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.786] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", lpFilePart=0x0) returned 0x75 [0211.787] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000\\*" (normalized: "c:\\users\\all users\\packages\\microsoft.mixedreality.portal_8wekyb3d8bbwe\\s-1-5-21-245394380-2276627025-4024548581-1000\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x53ebe4ca, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x129cdade, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x72bebcbc, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601a20 [0211.788] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x53ebe4ca, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x129cdade, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x72bebcbc, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.788] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x53ebe4ca, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x129cdade, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x72bebcbc, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.788] FindClose (in: hFindFile=0x601a20 | out: hFindFile=0x601a20) returned 1 [0211.788] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.Office.OneNote_8wekyb3d8bbwe", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.Office.OneNote_8wekyb3d8bbwe", lpFilePart=0x0) returned 0x42 [0211.789] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.Office.OneNote_8wekyb3d8bbwe\\*.*" (normalized: "c:\\users\\all users\\packages\\microsoft.office.onenote_8wekyb3d8bbwe\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x497a0797, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x497a0797, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x497a0797, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6011e0 [0211.789] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x497a0797, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x497a0797, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x497a0797, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.790] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x497a0797, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x497a0797, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x497a0797, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0211.790] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x497a0797, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x497a0797, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x497a0797, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 0 [0211.790] FindClose (in: hFindFile=0x6011e0 | out: hFindFile=0x6011e0) returned 1 [0211.790] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.Office.OneNote_8wekyb3d8bbwe", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.Office.OneNote_8wekyb3d8bbwe", lpFilePart=0x0) returned 0x42 [0211.790] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.Office.OneNote_8wekyb3d8bbwe\\*" (normalized: "c:\\users\\all users\\packages\\microsoft.office.onenote_8wekyb3d8bbwe\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x497a0797, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x129f3dcc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x497a0797, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6016c0 [0211.791] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x497a0797, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x129f3dcc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x497a0797, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.791] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x497a0797, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x497a0797, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x497a0797, ftLastWriteTime.dwHighDateTime=0x1d94214, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0211.791] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.791] FindClose (in: hFindFile=0x6016c0 | out: hFindFile=0x6016c0) returned 1 [0211.791] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.Office.OneNote_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.Office.OneNote_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", lpFilePart=0x0) returned 0x70 [0211.791] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.Office.OneNote_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000\\*.*" (normalized: "c:\\users\\all users\\packages\\microsoft.office.onenote_8wekyb3d8bbwe\\s-1-5-21-245394380-2276627025-4024548581-1000\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x497a0797, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x497a0797, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x74ea3f64, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6018a0 [0211.792] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x497a0797, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x497a0797, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x74ea3f64, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.792] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x497a0797, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x497a0797, ftLastAccessTime.dwHighDateTime=0x1d94214, ftLastWriteTime.dwLowDateTime=0x74ea3f64, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.792] FindClose (in: hFindFile=0x6018a0 | out: hFindFile=0x6018a0) returned 1 [0211.792] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.Office.OneNote_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.Office.OneNote_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000", lpFilePart=0x0) returned 0x70 [0211.792] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.Office.OneNote_8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000\\*" (normalized: "c:\\users\\all users\\packages\\microsoft.office.onenote_8wekyb3d8bbwe\\s-1-5-21-245394380-2276627025-4024548581-1000\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x497a0797, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x129f3dcc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x74ea3f64, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601420 [0211.792] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x497a0797, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x129f3dcc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x74ea3f64, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.793] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x497a0797, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x129f3dcc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x74ea3f64, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.793] FindClose (in: hFindFile=0x601420 | out: hFindFile=0x601420) returned 1 [0211.793] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c", lpFilePart=0x0) returned 0x3c [0211.794] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\*.*" (normalized: "c:\\users\\all users\\packages\\microsoft.skypeapp_kzf8qxf38zg5c\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f64b2b7, ftCreationTime.dwHighDateTime=0x1d94212, ftLastAccessTime.dwLowDateTime=0x2f64b2b7, ftLastAccessTime.dwHighDateTime=0x1d94212, ftLastWriteTime.dwLowDateTime=0x2f64b2b7, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601000 [0211.794] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f64b2b7, ftCreationTime.dwHighDateTime=0x1d94212, ftLastAccessTime.dwLowDateTime=0x2f64b2b7, ftLastAccessTime.dwHighDateTime=0x1d94212, ftLastWriteTime.dwLowDateTime=0x2f64b2b7, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.794] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f64b2b7, ftCreationTime.dwHighDateTime=0x1d94212, ftLastAccessTime.dwLowDateTime=0x719c4410, ftLastAccessTime.dwHighDateTime=0x1d94212, ftLastWriteTime.dwLowDateTime=0x2f64b2b7, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0211.794] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f64b2b7, ftCreationTime.dwHighDateTime=0x1d94212, ftLastAccessTime.dwLowDateTime=0x719c4410, ftLastAccessTime.dwHighDateTime=0x1d94212, ftLastWriteTime.dwLowDateTime=0x2f64b2b7, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 0 [0211.795] FindClose (in: hFindFile=0x601000 | out: hFindFile=0x601000) returned 1 [0211.795] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c", lpFilePart=0x0) returned 0x3c [0211.795] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\*" (normalized: "c:\\users\\all users\\packages\\microsoft.skypeapp_kzf8qxf38zg5c\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f64b2b7, ftCreationTime.dwHighDateTime=0x1d94212, ftLastAccessTime.dwLowDateTime=0x129f3dcc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x2f64b2b7, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6017e0 [0211.795] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f64b2b7, ftCreationTime.dwHighDateTime=0x1d94212, ftLastAccessTime.dwLowDateTime=0x129f3dcc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x2f64b2b7, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.795] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f64b2b7, ftCreationTime.dwHighDateTime=0x1d94212, ftLastAccessTime.dwLowDateTime=0x719c4410, ftLastAccessTime.dwHighDateTime=0x1d94212, ftLastWriteTime.dwLowDateTime=0x2f64b2b7, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0211.795] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.795] FindClose (in: hFindFile=0x6017e0 | out: hFindFile=0x6017e0) returned 1 [0211.796] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\S-1-5-21-245394380-2276627025-4024548581-1000", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\S-1-5-21-245394380-2276627025-4024548581-1000", lpFilePart=0x0) returned 0x6a [0211.796] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\S-1-5-21-245394380-2276627025-4024548581-1000\\*.*" (normalized: "c:\\users\\all users\\packages\\microsoft.skypeapp_kzf8qxf38zg5c\\s-1-5-21-245394380-2276627025-4024548581-1000\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f64b2b7, ftCreationTime.dwHighDateTime=0x1d94212, ftLastAccessTime.dwLowDateTime=0x719c4410, ftLastAccessTime.dwHighDateTime=0x1d94212, ftLastWriteTime.dwLowDateTime=0x719c4410, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.796] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f64b2b7, ftCreationTime.dwHighDateTime=0x1d94212, ftLastAccessTime.dwLowDateTime=0x719c4410, ftLastAccessTime.dwHighDateTime=0x1d94212, ftLastWriteTime.dwLowDateTime=0x719c4410, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.796] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f64b2b7, ftCreationTime.dwHighDateTime=0x1d94212, ftLastAccessTime.dwLowDateTime=0x719c4410, ftLastAccessTime.dwHighDateTime=0x1d94212, ftLastWriteTime.dwLowDateTime=0x719c4410, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.796] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.796] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\S-1-5-21-245394380-2276627025-4024548581-1000", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\S-1-5-21-245394380-2276627025-4024548581-1000", lpFilePart=0x0) returned 0x6a [0211.797] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\S-1-5-21-245394380-2276627025-4024548581-1000\\*" (normalized: "c:\\users\\all users\\packages\\microsoft.skypeapp_kzf8qxf38zg5c\\s-1-5-21-245394380-2276627025-4024548581-1000\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f64b2b7, ftCreationTime.dwHighDateTime=0x1d94212, ftLastAccessTime.dwLowDateTime=0x129f3dcc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x719c4410, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601060 [0211.797] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f64b2b7, ftCreationTime.dwHighDateTime=0x1d94212, ftLastAccessTime.dwLowDateTime=0x129f3dcc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x719c4410, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.797] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f64b2b7, ftCreationTime.dwHighDateTime=0x1d94212, ftLastAccessTime.dwLowDateTime=0x129f3dcc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x719c4410, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.797] FindClose (in: hFindFile=0x601060 | out: hFindFile=0x601060) returned 1 [0211.797] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\regid.1991-06.com.microsoft", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\regid.1991-06.com.microsoft", lpFilePart=0x0) returned 0x2e [0211.797] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\regid.1991-06.com.microsoft\\*.*" (normalized: "c:\\users\\all users\\regid.1991-06.com.microsoft\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x330c4fa5, ftLastAccessTime.dwHighDateTime=0x1d9b55e, ftLastWriteTime.dwLowDateTime=0xdbc55661, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0211.798] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x330c4fa5, ftLastAccessTime.dwHighDateTime=0x1d9b55e, ftLastWriteTime.dwLowDateTime=0xdbc55661, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.798] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8ab9c198, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0xdbc55661, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xdbc55661, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="regid.1991-06.com.microsoft_Windows-10-Pro.swidtag", cAlternateFileName="REGID1~1.SWI")) returned 1 [0211.798] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.798] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0211.798] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\regid.1991-06.com.microsoft", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\regid.1991-06.com.microsoft", lpFilePart=0x0) returned 0x2e [0211.799] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\regid.1991-06.com.microsoft\\*" (normalized: "c:\\users\\all users\\regid.1991-06.com.microsoft\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x129f3dcc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xdbc55661, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.799] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x129f3dcc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xdbc55661, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.799] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8ab9c198, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0xdbc55661, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xdbc55661, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="regid.1991-06.com.microsoft_Windows-10-Pro.swidtag", cAlternateFileName="REGID1~1.SWI")) returned 1 [0211.799] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8ab9c198, ftCreationTime.dwHighDateTime=0x1d9425b, ftLastAccessTime.dwLowDateTime=0xdbc55661, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xdbc55661, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="regid.1991-06.com.microsoft_Windows-10-Pro.swidtag", cAlternateFileName="REGID1~1.SWI")) returned 0 [0211.799] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.799] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\SoftwareDistribution", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\SoftwareDistribution", lpFilePart=0x0) returned 0x27 [0211.800] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\SoftwareDistribution\\*.*" (normalized: "c:\\users\\all users\\softwaredistribution\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc86967d2, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.801] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc86967d2, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.801] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc86967d2, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.801] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.801] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\SoftwareDistribution", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\SoftwareDistribution", lpFilePart=0x0) returned 0x27 [0211.801] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\SoftwareDistribution\\*" (normalized: "c:\\users\\all users\\softwaredistribution\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x129f3dcc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601a20 [0211.802] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x129f3dcc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.802] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x129f3dcc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.802] FindClose (in: hFindFile=0x601a20 | out: hFindFile=0x601a20) returned 1 [0211.802] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\ssh", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\ssh", lpFilePart=0x0) returned 0x16 [0211.802] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\ssh\\*.*" (normalized: "c:\\users\\all users\\ssh\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fded3d9, ftCreationTime.dwHighDateTime=0x1d61756, ftLastAccessTime.dwLowDateTime=0x3fded3d9, ftLastAccessTime.dwHighDateTime=0x1d61756, ftLastWriteTime.dwLowDateTime=0x3fded3d9, ftLastWriteTime.dwHighDateTime=0x1d61756, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0211.803] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fded3d9, ftCreationTime.dwHighDateTime=0x1d61756, ftLastAccessTime.dwLowDateTime=0x3fded3d9, ftLastAccessTime.dwHighDateTime=0x1d61756, ftLastWriteTime.dwLowDateTime=0x3fded3d9, ftLastWriteTime.dwHighDateTime=0x1d61756, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.803] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fded3d9, ftCreationTime.dwHighDateTime=0x1d61756, ftLastAccessTime.dwLowDateTime=0x3fded3d9, ftLastAccessTime.dwHighDateTime=0x1d61756, ftLastWriteTime.dwLowDateTime=0x3fded3d9, ftLastWriteTime.dwHighDateTime=0x1d61756, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.804] FindClose (in: hFindFile=0x601360 | out: hFindFile=0x601360) returned 1 [0211.804] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\ssh", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\ssh", lpFilePart=0x0) returned 0x16 [0211.804] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\ssh\\*" (normalized: "c:\\users\\all users\\ssh\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fded3d9, ftCreationTime.dwHighDateTime=0x1d61756, ftLastAccessTime.dwLowDateTime=0x129f3dcc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3fded3d9, ftLastWriteTime.dwHighDateTime=0x1d61756, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601960 [0211.805] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fded3d9, ftCreationTime.dwHighDateTime=0x1d61756, ftLastAccessTime.dwLowDateTime=0x129f3dcc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3fded3d9, ftLastWriteTime.dwHighDateTime=0x1d61756, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.805] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fded3d9, ftCreationTime.dwHighDateTime=0x1d61756, ftLastAccessTime.dwLowDateTime=0x129f3dcc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3fded3d9, ftLastWriteTime.dwHighDateTime=0x1d61756, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.805] FindClose (in: hFindFile=0x601960 | out: hFindFile=0x601960) returned 1 [0211.805] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Start Menu", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Start Menu", lpFilePart=0x0) returned 0x1d [0211.805] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Start Menu\\*.*" (normalized: "c:\\users\\all users\\start menu\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0211.812] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.812] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\USOPrivate", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\USOPrivate", lpFilePart=0x0) returned 0x1d [0211.813] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\USOPrivate\\*.*" (normalized: "c:\\users\\all users\\usoprivate\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x9da3e264, ftLastAccessTime.dwHighDateTime=0x1d9429b, ftLastWriteTime.dwLowDateTime=0x9da3e264, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6012a0 [0211.813] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x9da3e264, ftLastAccessTime.dwHighDateTime=0x1d9429b, ftLastWriteTime.dwLowDateTime=0x9da3e264, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.813] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9da3e264, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0x9efef041, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x9efef041, ftLastWriteTime.dwHighDateTime=0x1d9b55c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateStore", cAlternateFileName="UPDATE~1")) returned 1 [0211.813] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9da3e264, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0x9efef041, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x9efef041, ftLastWriteTime.dwHighDateTime=0x1d9b55c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateStore", cAlternateFileName="UPDATE~1")) returned 0 [0211.814] FindClose (in: hFindFile=0x6012a0 | out: hFindFile=0x6012a0) returned 1 [0211.814] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0211.814] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0211.814] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.814] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\USOPrivate", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\USOPrivate", lpFilePart=0x0) returned 0x1d [0211.815] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\USOPrivate\\*" (normalized: "c:\\users\\all users\\usoprivate\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12a1a10e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x9da3e264, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601060 [0211.815] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12a1a10e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x9da3e264, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.815] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9da3e264, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0x9efef041, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x9efef041, ftLastWriteTime.dwHighDateTime=0x1d9b55c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateStore", cAlternateFileName="UPDATE~1")) returned 1 [0211.815] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.815] FindClose (in: hFindFile=0x601060 | out: hFindFile=0x601060) returned 1 [0211.815] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0211.815] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0211.815] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.816] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\USOPrivate\\UpdateStore", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\USOPrivate\\UpdateStore", lpFilePart=0x0) returned 0x29 [0211.816] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\USOPrivate\\UpdateStore\\*.*" (normalized: "c:\\users\\all users\\usoprivate\\updatestore\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9da3e264, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0x9efef041, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0xf683e33f, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.816] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9da3e264, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0x9efef041, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0xf683e33f, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.816] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9da3e264, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0xf681854d, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf681854d, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0xf000, dwReserved0=0x0, dwReserved1=0x0, cFileName="store.db", cAlternateFileName="")) returned 1 [0211.818] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.818] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0211.819] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0211.819] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.820] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\USOPrivate\\UpdateStore", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\USOPrivate\\UpdateStore", lpFilePart=0x0) returned 0x29 [0211.821] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\USOPrivate\\UpdateStore\\*" (normalized: "c:\\users\\all users\\usoprivate\\updatestore\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9da3e264, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0x12a1a10e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xf683e33f, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.822] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9da3e264, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0x12a1a10e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xf683e33f, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.822] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9da3e264, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0xf681854d, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf681854d, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0xf000, dwReserved0=0x0, dwReserved1=0x0, cFileName="store.db", cAlternateFileName="")) returned 1 [0211.822] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9da3e264, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0xf681854d, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf681854d, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0xf000, dwReserved0=0x0, dwReserved1=0x0, cFileName="store.db", cAlternateFileName="")) returned 0 [0211.822] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.822] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0211.822] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0211.822] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.823] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\USOShared", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\USOShared", lpFilePart=0x0) returned 0x1c [0211.823] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\USOShared\\*.*" (normalized: "c:\\users\\all users\\usoshared\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc86967d2, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0211.824] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc86967d2, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.824] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x3fded3d9, ftLastAccessTime.dwHighDateTime=0x1d61756, ftLastWriteTime.dwLowDateTime=0x3fded3d9, ftLastWriteTime.dwHighDateTime=0x1d61756, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Logs", cAlternateFileName="")) returned 1 [0211.824] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x3fded3d9, ftLastAccessTime.dwHighDateTime=0x1d61756, ftLastWriteTime.dwLowDateTime=0x3fded3d9, ftLastWriteTime.dwHighDateTime=0x1d61756, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Logs", cAlternateFileName="")) returned 0 [0211.824] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0211.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0211.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0211.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.824] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\USOShared", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\USOShared", lpFilePart=0x0) returned 0x1c [0211.825] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\USOShared\\*" (normalized: "c:\\users\\all users\\usoshared\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12a40543, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.825] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12a40543, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.825] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x3fded3d9, ftLastAccessTime.dwHighDateTime=0x1d61756, ftLastWriteTime.dwLowDateTime=0x3fded3d9, ftLastWriteTime.dwHighDateTime=0x1d61756, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Logs", cAlternateFileName="")) returned 1 [0211.825] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.826] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0211.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0211.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.826] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\USOShared\\Logs", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\USOShared\\Logs", lpFilePart=0x0) returned 0x21 [0211.826] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\USOShared\\Logs\\*.*" (normalized: "c:\\users\\all users\\usoshared\\logs\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x3fded3d9, ftLastAccessTime.dwHighDateTime=0x1d61756, ftLastWriteTime.dwLowDateTime=0x3fded3d9, ftLastWriteTime.dwHighDateTime=0x1d61756, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.827] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x3fded3d9, ftLastAccessTime.dwHighDateTime=0x1d61756, ftLastWriteTime.dwLowDateTime=0x3fded3d9, ftLastWriteTime.dwHighDateTime=0x1d61756, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.827] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xe3e85b1f, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe3e85b1f, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System", cAlternateFileName="")) returned 1 [0211.827] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fded3d9, ftCreationTime.dwHighDateTime=0x1d61756, ftLastAccessTime.dwLowDateTime=0xd4535f2, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x94a1866, ftLastWriteTime.dwHighDateTime=0x1d9b55f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User", cAlternateFileName="")) returned 1 [0211.827] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fded3d9, ftCreationTime.dwHighDateTime=0x1d61756, ftLastAccessTime.dwLowDateTime=0xd4535f2, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x94a1866, ftLastWriteTime.dwHighDateTime=0x1d9b55f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User", cAlternateFileName="")) returned 0 [0211.827] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0211.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0211.827] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.827] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\USOShared\\Logs", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\USOShared\\Logs", lpFilePart=0x0) returned 0x21 [0211.828] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\USOShared\\Logs\\*" (normalized: "c:\\users\\all users\\usoshared\\logs\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12a40543, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3fded3d9, ftLastWriteTime.dwHighDateTime=0x1d61756, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6017e0 [0211.828] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12a40543, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3fded3d9, ftLastWriteTime.dwHighDateTime=0x1d61756, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.828] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xe3e85b1f, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe3e85b1f, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System", cAlternateFileName="")) returned 1 [0211.829] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fded3d9, ftCreationTime.dwHighDateTime=0x1d61756, ftLastAccessTime.dwLowDateTime=0xd4535f2, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x94a1866, ftLastWriteTime.dwHighDateTime=0x1d9b55f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User", cAlternateFileName="")) returned 1 [0211.829] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.829] FindClose (in: hFindFile=0x6017e0 | out: hFindFile=0x6017e0) returned 1 [0211.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0211.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0211.829] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.829] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\USOShared\\Logs\\System", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\USOShared\\Logs\\System", lpFilePart=0x0) returned 0x28 [0211.830] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\USOShared\\Logs\\System\\*.*" (normalized: "c:\\users\\all users\\usoshared\\logs\\system\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xe3e85b1f, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe3f6a78c, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.830] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xe3e85b1f, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe3f6a78c, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.830] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c5775f3, ftCreationTime.dwHighDateTime=0x1d9b55c, ftLastAccessTime.dwLowDateTime=0xa35abece, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0xa35abece, ftLastWriteTime.dwHighDateTime=0x1d9b55c, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.041fb42d-21c2-446d-9b19-c03786b79311.1.etl", cAlternateFileName="MO6F47~1.ETL")) returned 1 [0211.832] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8092d3d3, ftCreationTime.dwHighDateTime=0x1d942a0, ftLastAccessTime.dwLowDateTime=0x863a08ce, ftLastAccessTime.dwHighDateTime=0x1d942a0, ftLastWriteTime.dwLowDateTime=0x863a08ce, ftLastWriteTime.dwHighDateTime=0x1d942a0, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.049394a6-83ad-4bea-ab91-627e7334bcb1.1.etl", cAlternateFileName="MOUSOC~3.ETL")) returned 1 [0211.833] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe611c3e, ftCreationTime.dwHighDateTime=0x1d9a99e, ftLastAccessTime.dwLowDateTime=0xc2ffbd7a, ftLastAccessTime.dwHighDateTime=0x1d9a99e, ftLastWriteTime.dwLowDateTime=0xc2ffbd7a, ftLastWriteTime.dwHighDateTime=0x1d9a99e, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.0abda92d-d362-462e-87a6-a35eb85d2374.1.etl", cAlternateFileName="MO9ED0~1.ETL")) returned 1 [0211.837] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d4b067, ftCreationTime.dwHighDateTime=0x1d9b55f, ftLastAccessTime.dwLowDateTime=0xd35ed1b, ftLastAccessTime.dwHighDateTime=0x1d9b55f, ftLastWriteTime.dwLowDateTime=0xd35ed1b, ftLastWriteTime.dwHighDateTime=0x1d9b55f, nFileSizeHigh=0x0, nFileSizeLow=0x9000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.19f92fa6-27cb-4db7-b9a0-d004f06ceed0.1.etl", cAlternateFileName="MOB47B~1.ETL")) returned 1 [0211.838] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x19a4cc56, ftCreationTime.dwHighDateTime=0x1d942a1, ftLastAccessTime.dwLowDateTime=0x1e6e53dd, ftLastAccessTime.dwHighDateTime=0x1d942a1, ftLastWriteTime.dwLowDateTime=0x1e6e53dd, ftLastWriteTime.dwHighDateTime=0x1d942a1, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.1ca3cf83-0e43-413a-bd17-9a20e8a6ef7f.1.etl", cAlternateFileName="MO2352~1.ETL")) returned 1 [0211.840] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa68fef1d, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0xaaade9de, ftLastAccessTime.dwHighDateTime=0x1d9429b, ftLastWriteTime.dwLowDateTime=0xaaade9de, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.1edb7235-6e35-4cdc-a4df-c6ff042a4404.1.etl", cAlternateFileName="MOUSOC~2.ETL")) returned 1 [0211.842] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x890a1029, ftCreationTime.dwHighDateTime=0x1d942a0, ftLastAccessTime.dwLowDateTime=0x8d3afee8, ftLastAccessTime.dwHighDateTime=0x1d942a0, ftLastWriteTime.dwLowDateTime=0x8d3afee8, ftLastWriteTime.dwHighDateTime=0x1d942a0, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.275f4f4e-d7ec-4495-adf3-af326dda4e8c.1.etl", cAlternateFileName="MOUSOC~4.ETL")) returned 1 [0211.843] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf1f26cec, ftCreationTime.dwHighDateTime=0x1d95650, ftLastAccessTime.dwLowDateTime=0xf6471429, ftLastAccessTime.dwHighDateTime=0x1d95650, ftLastWriteTime.dwLowDateTime=0xf6471429, ftLastWriteTime.dwHighDateTime=0x1d95650, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.2d3ba9ef-e9b1-4e8c-a156-e1beae335e42.1.etl", cAlternateFileName="MO31A2~1.ETL")) returned 1 [0211.843] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7eba289a, ftCreationTime.dwHighDateTime=0x1d9767e, ftLastAccessTime.dwLowDateTime=0x831d1bc5, ftLastAccessTime.dwHighDateTime=0x1d9767e, ftLastWriteTime.dwLowDateTime=0x831d1bc5, ftLastWriteTime.dwHighDateTime=0x1d9767e, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.369a561a-f062-43ef-a1df-2011cb28d830.1.etl", cAlternateFileName="MO9548~1.ETL")) returned 1 [0211.843] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf633fe12, ftCreationTime.dwHighDateTime=0x1d95650, ftLastAccessTime.dwLowDateTime=0xfd2f2d04, ftLastAccessTime.dwHighDateTime=0x1d95650, ftLastWriteTime.dwLowDateTime=0xfd2f2d04, ftLastWriteTime.dwHighDateTime=0x1d95650, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.3f6a077f-d22e-441b-8888-272d7c52e7b6.1.etl", cAlternateFileName="MOF6D8~1.ETL")) returned 1 [0211.843] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdd51739c, ftCreationTime.dwHighDateTime=0x1d95650, ftLastAccessTime.dwLowDateTime=0xe6dadbbc, ftLastAccessTime.dwHighDateTime=0x1d95650, ftLastWriteTime.dwLowDateTime=0xe6dadbbc, ftLastWriteTime.dwHighDateTime=0x1d95650, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.46188758-41e3-4841-a58f-66369ba283d7.1.etl", cAlternateFileName="MO1A63~1.ETL")) returned 1 [0211.843] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x203916f4, ftCreationTime.dwHighDateTime=0x1d942a2, ftLastAccessTime.dwLowDateTime=0x260b3628, ftLastAccessTime.dwHighDateTime=0x1d942a2, ftLastWriteTime.dwLowDateTime=0x260b3628, ftLastWriteTime.dwHighDateTime=0x1d942a2, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.5bbaa2c1-413e-4bdb-9c4a-ef49bb8a0eef.1.etl", cAlternateFileName="MOF0D1~1.ETL")) returned 1 [0211.843] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa821d3d0, ftCreationTime.dwHighDateTime=0x1d9b55c, ftLastAccessTime.dwLowDateTime=0xabec47fd, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0xabec47fd, ftLastWriteTime.dwHighDateTime=0x1d9b55c, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.5e9f0f35-c261-4fbb-9287-c68220ad6796.1.etl", cAlternateFileName="MOCAD0~1.ETL")) returned 1 [0211.843] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x16aff6a3, ftCreationTime.dwHighDateTime=0x1d9a99f, ftLastAccessTime.dwLowDateTime=0x1d21e1aa, ftLastAccessTime.dwHighDateTime=0x1d9a99f, ftLastWriteTime.dwLowDateTime=0x1d21e1aa, ftLastWriteTime.dwHighDateTime=0x1d9a99f, nFileSizeHigh=0x0, nFileSizeLow=0x9000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.67cc9c24-7d55-45a0-b9d2-2e15f5adb661.1.etl", cAlternateFileName="MO7B1A~1.ETL")) returned 1 [0211.844] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf3b483d6, ftCreationTime.dwHighDateTime=0x1d9a99d, ftLastAccessTime.dwLowDateTime=0xfcc917a7, ftLastAccessTime.dwHighDateTime=0x1d9a99d, ftLastWriteTime.dwLowDateTime=0xfcc917a7, ftLastWriteTime.dwHighDateTime=0x1d9a99d, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.949de3f3-4dd7-4297-b312-0fa8a5cb537b.1.etl", cAlternateFileName="MOC39D~1.ETL")) returned 1 [0211.844] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x14118f7e, ftCreationTime.dwHighDateTime=0x1d9a99e, ftLastAccessTime.dwLowDateTime=0x19417b1b, ftLastAccessTime.dwHighDateTime=0x1d9a99e, ftLastWriteTime.dwLowDateTime=0x19417b1b, ftLastWriteTime.dwHighDateTime=0x1d9a99e, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.9febe174-f3a2-4c06-bb00-5ed90fcc4e26.1.etl", cAlternateFileName="MO3B09~1.ETL")) returned 1 [0211.844] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9d9cb7ee, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0xa4b31708, ftLastAccessTime.dwHighDateTime=0x1d9429b, ftLastWriteTime.dwLowDateTime=0xa4b31708, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x9000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.a7c95735-b40a-4395-9dc8-2e0487654b66.1.etl", cAlternateFileName="MOUSOC~1.ETL")) returned 1 [0211.844] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7c990a7, ftCreationTime.dwHighDateTime=0x1d9767d, ftLastAccessTime.dwLowDateTime=0xbfdf09ac, ftLastAccessTime.dwHighDateTime=0x1d9767d, ftLastWriteTime.dwLowDateTime=0xbfdf09ac, ftLastWriteTime.dwHighDateTime=0x1d9767d, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.aa537cb6-74e9-4ff9-ba14-3e9f8d3747da.1.etl", cAlternateFileName="MOBF74~1.ETL")) returned 1 [0211.844] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8624f55, ftCreationTime.dwHighDateTime=0x1d9767e, ftLastAccessTime.dwLowDateTime=0xe2ae334, ftLastAccessTime.dwHighDateTime=0x1d9767e, ftLastWriteTime.dwLowDateTime=0xe2ae334, ftLastWriteTime.dwHighDateTime=0x1d9767e, nFileSizeHigh=0x0, nFileSizeLow=0x9000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.b6392362-418b-4983-aad2-7a5599c42667.1.etl", cAlternateFileName="MO68D0~1.ETL")) returned 1 [0211.844] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc4e59b5d, ftCreationTime.dwHighDateTime=0x1d9630e, ftLastAccessTime.dwLowDateTime=0xca290852, ftLastAccessTime.dwHighDateTime=0x1d9630e, ftLastWriteTime.dwLowDateTime=0xca290852, ftLastWriteTime.dwHighDateTime=0x1d9630e, nFileSizeHigh=0x0, nFileSizeLow=0x9000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.bf7338f1-6627-469e-a056-d55405e78564.1.etl", cAlternateFileName="MOB75D~1.ETL")) returned 1 [0211.845] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb04d4afb, ftCreationTime.dwHighDateTime=0x1d942a1, ftLastAccessTime.dwLowDateTime=0xb6ec70cf, ftLastAccessTime.dwHighDateTime=0x1d942a1, ftLastWriteTime.dwLowDateTime=0xb6ec70cf, ftLastWriteTime.dwHighDateTime=0x1d942a1, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.c1b1f819-d92a-4efc-a66f-4b4f38e92e97.1.etl", cAlternateFileName="MO368C~1.ETL")) returned 1 [0211.845] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8a574684, ftCreationTime.dwHighDateTime=0x1d9b55e, ftLastAccessTime.dwLowDateTime=0x8f128257, ftLastAccessTime.dwHighDateTime=0x1d9b55e, ftLastWriteTime.dwLowDateTime=0x8f128257, ftLastWriteTime.dwHighDateTime=0x1d9b55e, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.c28714fa-5b41-4965-ac21-8923d8ca11ab.1.etl", cAlternateFileName="MO4E17~1.ETL")) returned 1 [0211.845] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1b4c07aa, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x42e45678, ftLastAccessTime.dwHighDateTime=0x1d9b560, ftLastWriteTime.dwLowDateTime=0x42e45678, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.ceebc313-810e-4120-b8e4-a70d5b25ecec.1.etl", cAlternateFileName="MO4EBD~1.ETL")) returned 1 [0211.846] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2000, ftCreationTime.dwLowDateTime=0xe3e85b1f, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xe3e85b1f, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe3e85b1f, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.d11e3800-c3a4-4273-b371-986efa3e7ae0.1.etl", cAlternateFileName="MOE6FE~1.ETL")) returned 1 [0211.846] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd4230713, ftCreationTime.dwHighDateTime=0x1d9767d, ftLastAccessTime.dwLowDateTime=0xda1684b8, ftLastAccessTime.dwHighDateTime=0x1d9767d, ftLastWriteTime.dwLowDateTime=0xda1684b8, ftLastWriteTime.dwHighDateTime=0x1d9767d, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.e23e5c5b-7112-4a23-a761-8e8a2cd6df16.1.etl", cAlternateFileName="MOFFE1~1.ETL")) returned 1 [0211.846] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x845b2bd, ftCreationTime.dwHighDateTime=0x1d9767e, ftLastAccessTime.dwLowDateTime=0xa94f9c0, ftLastAccessTime.dwHighDateTime=0x1d9767e, ftLastWriteTime.dwLowDateTime=0xa94f9c0, ftLastWriteTime.dwHighDateTime=0x1d9767e, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NotificationUxBroker.9b6efe9a-911a-4d80-80c1-731495176dd0.1.etl", cAlternateFileName="NOTIFI~2.ETL")) returned 1 [0211.846] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6b0ea4d, ftCreationTime.dwHighDateTime=0x1d9b55f, ftLastAccessTime.dwLowDateTime=0x9a4b1fa, ftLastAccessTime.dwHighDateTime=0x1d9b55f, ftLastWriteTime.dwLowDateTime=0x9a4b1fa, ftLastWriteTime.dwHighDateTime=0x1d9b55f, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NotificationUxBroker.9efa21af-b7b4-4c6b-b471-10a4c3d74c2f.1.etl", cAlternateFileName="NOTIFI~4.ETL")) returned 1 [0211.846] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9d8e6c22, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0x9f80b771, ftLastAccessTime.dwHighDateTime=0x1d9429b, ftLastWriteTime.dwLowDateTime=0x9f80b771, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NotificationUxBroker.b8bf9883-cf50-427e-a2d0-b7eb86974285.1.etl", cAlternateFileName="NOTIFI~1.ETL")) returned 1 [0211.846] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x16aff6a3, ftCreationTime.dwHighDateTime=0x1d9a99f, ftLastAccessTime.dwLowDateTime=0x194de8ee, ftLastAccessTime.dwHighDateTime=0x1d9a99f, ftLastWriteTime.dwLowDateTime=0x194de8ee, ftLastWriteTime.dwHighDateTime=0x1d9a99f, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NotificationUxBroker.de479f88-40e2-42ff-91e9-5628ba765728.1.etl", cAlternateFileName="NOTIFI~3.ETL")) returned 1 [0211.846] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2000, ftCreationTime.dwLowDateTime=0xdba19871, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xdba19871, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xdba19871, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NotificationUxBroker.def7c1ec-e0b1-4195-b052-c9aeae8d0f63.1.etl", cAlternateFileName="NO3B71~1.ETL")) returned 1 [0211.846] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdd32739f, ftCreationTime.dwHighDateTime=0x1d95650, ftLastAccessTime.dwLowDateTime=0xe998847, ftLastAccessTime.dwHighDateTime=0x1d95651, ftLastWriteTime.dwLowDateTime=0xe998847, ftLastWriteTime.dwHighDateTime=0x1d95651, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.091f3a1c-1ac9-466e-9861-8beb7e3fb40d.1.etl", cAlternateFileName="UPDF2E~1.ETL")) returned 1 [0211.846] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb703acc5, ftCreationTime.dwHighDateTime=0x1d9767d, ftLastAccessTime.dwLowDateTime=0x3f5eb314, ftLastAccessTime.dwHighDateTime=0x1d9767f, ftLastWriteTime.dwLowDateTime=0x3f5eb314, ftLastWriteTime.dwHighDateTime=0x1d9767f, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.0d1807f8-9e08-4bf5-8a5c-c54428ba48e9.1.etl", cAlternateFileName="UP32B3~1.ETL")) returned 1 [0211.847] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2000, ftCreationTime.dwLowDateTime=0x33373806, ftCreationTime.dwHighDateTime=0x1d9b55e, ftLastAccessTime.dwLowDateTime=0x33373806, ftLastAccessTime.dwHighDateTime=0x1d9b55e, ftLastWriteTime.dwLowDateTime=0x33373806, ftLastWriteTime.dwHighDateTime=0x1d9b55e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.19f89a1c-6770-495c-953a-c6f9f1af75be.1.etl", cAlternateFileName="UP281E~1.ETL")) returned 1 [0211.847] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfa074f41, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0xaef68ae3, ftLastAccessTime.dwHighDateTime=0x1d94213, ftLastWriteTime.dwLowDateTime=0xaef68ae3, ftLastWriteTime.dwHighDateTime=0x1d94213, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.2f1a7de1-d5b2-4cfd-ab29-2687ac8b218d.1.etl", cAlternateFileName="UPDATE~2.ETL")) returned 1 [0211.847] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61636b2a, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x28589843, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0x28589843, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.533170d5-be28-4fd7-aa45-5d27c8ea2094.1.etl", cAlternateFileName="UPDATE~3.ETL")) returned 1 [0211.847] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x116a1566, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0xb171be3d, ftLastAccessTime.dwHighDateTime=0x1d9429b, ftLastWriteTime.dwLowDateTime=0xb171be3d, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.55b5d71c-f2f7-4712-87f7-c75fe712170e.1.etl", cAlternateFileName="UP44E1~1.ETL")) returned 1 [0211.847] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf36371e7, ftCreationTime.dwHighDateTime=0x1d9a99d, ftLastAccessTime.dwLowDateTime=0x8d262504, ftLastAccessTime.dwHighDateTime=0x1d9a99f, ftLastWriteTime.dwLowDateTime=0x8d262504, ftLastWriteTime.dwHighDateTime=0x1d9a99f, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.564e7fd7-9769-4d45-8368-96a56f6de4a7.1.etl", cAlternateFileName="UP7F10~1.ETL")) returned 1 [0211.847] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x200bcad7, ftCreationTime.dwHighDateTime=0x1d942a2, ftLastAccessTime.dwLowDateTime=0x2f926a52, ftLastAccessTime.dwHighDateTime=0x1d942a2, ftLastWriteTime.dwLowDateTime=0x2f926a52, ftLastWriteTime.dwHighDateTime=0x1d942a2, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.7c9ff45e-a860-46a4-9274-04c1638ced81.1.etl", cAlternateFileName="UPDC4C~1.ETL")) returned 1 [0211.848] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x16a8a919, ftCreationTime.dwHighDateTime=0x1d942b2, ftLastAccessTime.dwLowDateTime=0x1de05688, ftLastAccessTime.dwHighDateTime=0x1d942b2, ftLastWriteTime.dwLowDateTime=0x1de05688, ftLastWriteTime.dwHighDateTime=0x1d942b2, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.9c2a3bf2-b6c9-465f-bf25-5edd408af5c6.1.etl", cAlternateFileName="UPAA8C~1.ETL")) returned 1 [0211.848] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c3f9e52, ftCreationTime.dwHighDateTime=0x1d9b55c, ftLastAccessTime.dwLowDateTime=0xaf5319be, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0xaf5319be, ftLastWriteTime.dwHighDateTime=0x1d9b55c, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.a8237c17-8e25-49d1-baf0-f067578211ec.1.etl", cAlternateFileName="UP7E66~1.ETL")) returned 1 [0211.848] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa3a6cdb4, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xd1271637, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xd1271637, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.af0edc42-f07d-4a73-8e3b-088bf7438c49.1.etl", cAlternateFileName="UPDATE~4.ETL")) returned 1 [0211.849] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc4cdc370, ftCreationTime.dwHighDateTime=0x1d9630e, ftLastAccessTime.dwLowDateTime=0xca290852, ftLastAccessTime.dwHighDateTime=0x1d9630e, ftLastWriteTime.dwLowDateTime=0xca290852, ftLastWriteTime.dwHighDateTime=0x1d9630e, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.b7728164-1be3-4155-9a63-db3832571f6a.1.etl", cAlternateFileName="UPEDEB~1.ETL")) returned 1 [0211.849] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7296e522, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x9dcaddda, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x9dcaddda, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.c273e930-5893-4011-aea4-2e7a96a9bebb.1.etl", cAlternateFileName="UPDATE~1.ETL")) returned 1 [0211.849] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8029ec4a, ftCreationTime.dwHighDateTime=0x1d942a0, ftLastAccessTime.dwLowDateTime=0xe02cadb9, ftLastAccessTime.dwHighDateTime=0x1d942a1, ftLastWriteTime.dwLowDateTime=0xe02cadb9, ftLastWriteTime.dwHighDateTime=0x1d942a1, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.e92857bd-b2e1-42df-b8ac-8f5ac4e444e8.1.etl", cAlternateFileName="UP1BE6~1.ETL")) returned 1 [0211.849] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6dfa06e0, ftCreationTime.dwHighDateTime=0x1d94217, ftLastAccessTime.dwLowDateTime=0xe4372ad1, ftLastAccessTime.dwHighDateTime=0x1d94217, ftLastWriteTime.dwLowDateTime=0xe4372ad1, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.fd2baf34-db53-44bb-8c2d-0a670814393f.1.etl", cAlternateFileName="UP9687~1.ETL")) returned 1 [0211.849] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2000, ftCreationTime.dwLowDateTime=0xe3f6a78c, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xe3f6a78c, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe3f6a78c, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.039e2540-3d91-4a35-8289-1ebd042199b8.1.etl", cAlternateFileName="WUAB83~1.ETL")) returned 1 [0211.849] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf1f26cec, ftCreationTime.dwHighDateTime=0x1d95650, ftLastAccessTime.dwLowDateTime=0xf69ce67a, ftLastAccessTime.dwHighDateTime=0x1d95650, ftLastWriteTime.dwLowDateTime=0xf69ce67a, ftLastWriteTime.dwHighDateTime=0x1d95650, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.3281a430-90a4-40af-a6c7-d02ed7cde178.1.etl", cAlternateFileName="WUB2D9~1.ETL")) returned 1 [0211.850] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x890a1029, ftCreationTime.dwHighDateTime=0x1d942a0, ftLastAccessTime.dwLowDateTime=0x8d6aa330, ftLastAccessTime.dwHighDateTime=0x1d942a0, ftLastWriteTime.dwLowDateTime=0x8d6aa330, ftLastWriteTime.dwHighDateTime=0x1d942a0, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.32e3f843-2fcf-4029-bb97-750bf85d6bd1.1.etl", cAlternateFileName="WUPROV~4.ETL")) returned 1 [0211.852] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7c990a7, ftCreationTime.dwHighDateTime=0x1d9767d, ftLastAccessTime.dwLowDateTime=0xc00eb8b5, ftLastAccessTime.dwHighDateTime=0x1d9767d, ftLastWriteTime.dwLowDateTime=0xc00eb8b5, ftLastWriteTime.dwHighDateTime=0x1d9767d, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.46140ab9-098c-4f41-8c02-972703b9c7a6.1.etl", cAlternateFileName="WUF046~1.ETL")) returned 1 [0211.852] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8a574684, ftCreationTime.dwHighDateTime=0x1d9b55e, ftLastAccessTime.dwLowDateTime=0x8f449370, ftLastAccessTime.dwHighDateTime=0x1d9b55e, ftLastWriteTime.dwLowDateTime=0x8f449370, ftLastWriteTime.dwHighDateTime=0x1d9b55e, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.4cc1015d-f946-4321-82d7-e4254999c0ef.1.etl", cAlternateFileName="WUC15B~1.ETL")) returned 1 [0211.852] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa8243511, ftCreationTime.dwHighDateTime=0x1d9b55c, ftLastAccessTime.dwLowDateTime=0xac1bf54d, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0xac1bf54d, ftLastWriteTime.dwHighDateTime=0x1d9b55c, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.4e7a6fdc-10fa-4252-b984-61db082bb3c2.1.etl", cAlternateFileName="WU3C7F~1.ETL")) returned 1 [0211.852] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdd51739c, ftCreationTime.dwHighDateTime=0x1d95650, ftLastAccessTime.dwLowDateTime=0xe716758f, ftLastAccessTime.dwHighDateTime=0x1d95650, ftLastWriteTime.dwLowDateTime=0xe716758f, ftLastWriteTime.dwHighDateTime=0x1d95650, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.4f5d4d43-45cf-485f-95aa-73d9e63f11a7.1.etl", cAlternateFileName="WUCFD6~1.ETL")) returned 1 [0211.852] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd4230713, ftCreationTime.dwHighDateTime=0x1d9767d, ftLastAccessTime.dwLowDateTime=0xda4895fc, ftLastAccessTime.dwHighDateTime=0x1d9767d, ftLastWriteTime.dwLowDateTime=0xda4895fc, ftLastWriteTime.dwHighDateTime=0x1d9767d, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.6aa2a6a3-a703-499e-aa1e-aa5f552fe3c0.1.etl", cAlternateFileName="WUAC96~1.ETL")) returned 1 [0211.852] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x16aff6a3, ftCreationTime.dwHighDateTime=0x1d9a99f, ftLastAccessTime.dwLowDateTime=0x1d518f6d, ftLastAccessTime.dwHighDateTime=0x1d9a99f, ftLastWriteTime.dwLowDateTime=0x1d518f6d, ftLastWriteTime.dwHighDateTime=0x1d9a99f, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.76e0b601-1f7f-4a81-85fd-c18bc1169ffe.1.etl", cAlternateFileName="WU368F~1.ETL")) returned 1 [0211.853] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1b4f1938, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x44073771, ftLastAccessTime.dwHighDateTime=0x1d9b560, ftLastWriteTime.dwLowDateTime=0x44073771, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.78007ce4-ee55-48ed-acdb-d96607387330.1.etl", cAlternateFileName="WU4C39~1.ETL")) returned 1 [0211.853] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9d9cb7ee, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0xa4e2c699, ftLastAccessTime.dwHighDateTime=0x1d9429b, ftLastWriteTime.dwLowDateTime=0xa4e2c699, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.892e08ae-1644-4ccf-aa04-b79f3a2d5b93.1.etl", cAlternateFileName="WUPROV~1.ETL")) returned 1 [0211.853] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf3b483d6, ftCreationTime.dwHighDateTime=0x1d9a99d, ftLastAccessTime.dwLowDateTime=0xfd025029, ftLastAccessTime.dwHighDateTime=0x1d9a99d, ftLastWriteTime.dwLowDateTime=0xfd025029, ftLastWriteTime.dwHighDateTime=0x1d9a99d, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.97cf1c97-d47c-4197-a1cd-c8c780ada02c.1.etl", cAlternateFileName="WU9729~1.ETL")) returned 1 [0211.853] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe611c3e, ftCreationTime.dwHighDateTime=0x1d9a99e, ftLastAccessTime.dwLowDateTime=0xc32f6dd2, ftLastAccessTime.dwHighDateTime=0x1d9a99e, ftLastWriteTime.dwLowDateTime=0xc32f6dd2, ftLastWriteTime.dwHighDateTime=0x1d9a99e, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.98e31f01-97a3-4094-8bdf-02446795a1a3.1.etl", cAlternateFileName="WU05B9~1.ETL")) returned 1 [0211.853] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa68fef1d, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0xaadda949, ftLastAccessTime.dwHighDateTime=0x1d9429b, ftLastWriteTime.dwLowDateTime=0xaadda949, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.9b39073d-d672-41af-a7a0-6d0e9dc5ee9f.1.etl", cAlternateFileName="WUPROV~2.ETL")) returned 1 [0211.854] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x19a4cc56, ftCreationTime.dwHighDateTime=0x1d942a1, ftLastAccessTime.dwLowDateTime=0x1e9dff93, ftLastAccessTime.dwHighDateTime=0x1d942a1, ftLastWriteTime.dwLowDateTime=0x1e9dff93, ftLastWriteTime.dwHighDateTime=0x1d942a1, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.a7f18856-ef96-474b-9f51-50bac4674871.1.etl", cAlternateFileName="WU5F49~1.ETL")) returned 1 [0211.854] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8092d3d3, ftCreationTime.dwHighDateTime=0x1d942a0, ftLastAccessTime.dwLowDateTime=0x866e7b04, ftLastAccessTime.dwHighDateTime=0x1d942a0, ftLastWriteTime.dwLowDateTime=0x866e7b04, ftLastWriteTime.dwHighDateTime=0x1d942a0, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.b0e7d1a8-1fb0-43bb-8036-d0e50e46dfc8.1.etl", cAlternateFileName="WUPROV~3.ETL")) returned 1 [0211.854] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x14118f7e, ftCreationTime.dwHighDateTime=0x1d9a99e, ftLastAccessTime.dwLowDateTime=0x19712c29, ftLastAccessTime.dwHighDateTime=0x1d9a99e, ftLastWriteTime.dwLowDateTime=0x19712c29, ftLastWriteTime.dwHighDateTime=0x1d9a99e, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.ba8158b7-04ae-4163-a87b-776d5d27abc5.1.etl", cAlternateFileName="WU9ADB~1.ETL")) returned 1 [0211.854] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf638c621, ftCreationTime.dwHighDateTime=0x1d95650, ftLastAccessTime.dwLowDateTime=0xfd5edf60, ftLastAccessTime.dwHighDateTime=0x1d95650, ftLastWriteTime.dwLowDateTime=0xfd5edf60, ftLastWriteTime.dwHighDateTime=0x1d95650, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.c2b0d7a6-9b6f-41a6-9e7e-c398c001e18e.1.etl", cAlternateFileName="WUD4A3~1.ETL")) returned 1 [0211.854] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7ebc8af4, ftCreationTime.dwHighDateTime=0x1d9767e, ftLastAccessTime.dwLowDateTime=0x834ccab5, ftLastAccessTime.dwHighDateTime=0x1d9767e, ftLastWriteTime.dwLowDateTime=0x834ccab5, ftLastWriteTime.dwHighDateTime=0x1d9767e, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.ce1bca5e-3e6b-4bc6-89fd-e88651508c2a.1.etl", cAlternateFileName="WUF58D~1.ETL")) returned 1 [0211.854] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d4b067, ftCreationTime.dwHighDateTime=0x1d9b55f, ftLastAccessTime.dwLowDateTime=0xd659a9b, ftLastAccessTime.dwHighDateTime=0x1d9b55f, ftLastWriteTime.dwLowDateTime=0xd659a9b, ftLastWriteTime.dwHighDateTime=0x1d9b55f, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.da8c22b2-ab18-4e92-9ea3-4548afdcf0f4.1.etl", cAlternateFileName="WUC4F3~1.ETL")) returned 1 [0211.854] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8624f55, ftCreationTime.dwHighDateTime=0x1d9767e, ftLastAccessTime.dwLowDateTime=0xe5a9247, ftLastAccessTime.dwHighDateTime=0x1d9767e, ftLastWriteTime.dwLowDateTime=0xe5a9247, ftLastWriteTime.dwHighDateTime=0x1d9767e, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.de35fe65-e895-4c38-80a5-c07bf9a854d7.1.etl", cAlternateFileName="WU535B~1.ETL")) returned 1 [0211.854] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc4e59b5d, ftCreationTime.dwHighDateTime=0x1d9630e, ftLastAccessTime.dwLowDateTime=0xca58b762, ftLastAccessTime.dwHighDateTime=0x1d9630e, ftLastWriteTime.dwLowDateTime=0xca58b762, ftLastWriteTime.dwHighDateTime=0x1d9630e, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.e6dfcc1f-7393-4fc0-9568-e23788482ca9.1.etl", cAlternateFileName="WU44A6~1.ETL")) returned 1 [0211.855] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x203916f4, ftCreationTime.dwHighDateTime=0x1d942a2, ftLastAccessTime.dwLowDateTime=0x263d5339, ftLastAccessTime.dwHighDateTime=0x1d942a2, ftLastWriteTime.dwLowDateTime=0x263d5339, ftLastWriteTime.dwHighDateTime=0x1d942a2, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.ea8001fb-a5f1-44d8-821b-54028183a38e.1.etl", cAlternateFileName="WU0ADF~1.ETL")) returned 1 [0211.855] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c59d72a, ftCreationTime.dwHighDateTime=0x1d9b55c, ftLastAccessTime.dwLowDateTime=0xa38a6d79, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0xa38a6d79, ftLastWriteTime.dwHighDateTime=0x1d9b55c, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.f6c7a0bb-57dd-466d-83c2-15eca7a451c8.1.etl", cAlternateFileName="WU7457~1.ETL")) returned 1 [0211.855] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb04d4afb, ftCreationTime.dwHighDateTime=0x1d942a1, ftLastAccessTime.dwLowDateTime=0xb71c20a8, ftLastAccessTime.dwHighDateTime=0x1d942a1, ftLastWriteTime.dwLowDateTime=0xb71c20a8, ftLastWriteTime.dwHighDateTime=0x1d942a1, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.f7bce64a-73db-4067-9074-d6a0702c2175.1.etl", cAlternateFileName="WU9424~1.ETL")) returned 1 [0211.855] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.855] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.855] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb18) returned 1 [0211.855] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced68) returned 1 [0211.855] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.856] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\USOShared\\Logs\\System", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\USOShared\\Logs\\System", lpFilePart=0x0) returned 0x28 [0211.856] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\USOShared\\Logs\\System\\*" (normalized: "c:\\users\\all users\\usoshared\\logs\\system\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12a8c9cc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe3f6a78c, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601a20 [0211.857] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12a8c9cc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xe3f6a78c, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.857] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c5775f3, ftCreationTime.dwHighDateTime=0x1d9b55c, ftLastAccessTime.dwLowDateTime=0xa35abece, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0xa35abece, ftLastWriteTime.dwHighDateTime=0x1d9b55c, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.041fb42d-21c2-446d-9b19-c03786b79311.1.etl", cAlternateFileName="MO6F47~1.ETL")) returned 1 [0211.857] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8092d3d3, ftCreationTime.dwHighDateTime=0x1d942a0, ftLastAccessTime.dwLowDateTime=0x863a08ce, ftLastAccessTime.dwHighDateTime=0x1d942a0, ftLastWriteTime.dwLowDateTime=0x863a08ce, ftLastWriteTime.dwHighDateTime=0x1d942a0, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.049394a6-83ad-4bea-ab91-627e7334bcb1.1.etl", cAlternateFileName="MOUSOC~3.ETL")) returned 1 [0211.857] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe611c3e, ftCreationTime.dwHighDateTime=0x1d9a99e, ftLastAccessTime.dwLowDateTime=0xc2ffbd7a, ftLastAccessTime.dwHighDateTime=0x1d9a99e, ftLastWriteTime.dwLowDateTime=0xc2ffbd7a, ftLastWriteTime.dwHighDateTime=0x1d9a99e, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.0abda92d-d362-462e-87a6-a35eb85d2374.1.etl", cAlternateFileName="MO9ED0~1.ETL")) returned 1 [0211.857] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d4b067, ftCreationTime.dwHighDateTime=0x1d9b55f, ftLastAccessTime.dwLowDateTime=0xd35ed1b, ftLastAccessTime.dwHighDateTime=0x1d9b55f, ftLastWriteTime.dwLowDateTime=0xd35ed1b, ftLastWriteTime.dwHighDateTime=0x1d9b55f, nFileSizeHigh=0x0, nFileSizeLow=0x9000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.19f92fa6-27cb-4db7-b9a0-d004f06ceed0.1.etl", cAlternateFileName="MOB47B~1.ETL")) returned 1 [0211.857] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x19a4cc56, ftCreationTime.dwHighDateTime=0x1d942a1, ftLastAccessTime.dwLowDateTime=0x1e6e53dd, ftLastAccessTime.dwHighDateTime=0x1d942a1, ftLastWriteTime.dwLowDateTime=0x1e6e53dd, ftLastWriteTime.dwHighDateTime=0x1d942a1, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.1ca3cf83-0e43-413a-bd17-9a20e8a6ef7f.1.etl", cAlternateFileName="MO2352~1.ETL")) returned 1 [0211.858] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa68fef1d, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0xaaade9de, ftLastAccessTime.dwHighDateTime=0x1d9429b, ftLastWriteTime.dwLowDateTime=0xaaade9de, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.1edb7235-6e35-4cdc-a4df-c6ff042a4404.1.etl", cAlternateFileName="MOUSOC~2.ETL")) returned 1 [0211.858] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x890a1029, ftCreationTime.dwHighDateTime=0x1d942a0, ftLastAccessTime.dwLowDateTime=0x8d3afee8, ftLastAccessTime.dwHighDateTime=0x1d942a0, ftLastWriteTime.dwLowDateTime=0x8d3afee8, ftLastWriteTime.dwHighDateTime=0x1d942a0, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.275f4f4e-d7ec-4495-adf3-af326dda4e8c.1.etl", cAlternateFileName="MOUSOC~4.ETL")) returned 1 [0211.858] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf1f26cec, ftCreationTime.dwHighDateTime=0x1d95650, ftLastAccessTime.dwLowDateTime=0xf6471429, ftLastAccessTime.dwHighDateTime=0x1d95650, ftLastWriteTime.dwLowDateTime=0xf6471429, ftLastWriteTime.dwHighDateTime=0x1d95650, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.2d3ba9ef-e9b1-4e8c-a156-e1beae335e42.1.etl", cAlternateFileName="MO31A2~1.ETL")) returned 1 [0211.858] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7eba289a, ftCreationTime.dwHighDateTime=0x1d9767e, ftLastAccessTime.dwLowDateTime=0x831d1bc5, ftLastAccessTime.dwHighDateTime=0x1d9767e, ftLastWriteTime.dwLowDateTime=0x831d1bc5, ftLastWriteTime.dwHighDateTime=0x1d9767e, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.369a561a-f062-43ef-a1df-2011cb28d830.1.etl", cAlternateFileName="MO9548~1.ETL")) returned 1 [0211.858] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf633fe12, ftCreationTime.dwHighDateTime=0x1d95650, ftLastAccessTime.dwLowDateTime=0xfd2f2d04, ftLastAccessTime.dwHighDateTime=0x1d95650, ftLastWriteTime.dwLowDateTime=0xfd2f2d04, ftLastWriteTime.dwHighDateTime=0x1d95650, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.3f6a077f-d22e-441b-8888-272d7c52e7b6.1.etl", cAlternateFileName="MOF6D8~1.ETL")) returned 1 [0211.858] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdd51739c, ftCreationTime.dwHighDateTime=0x1d95650, ftLastAccessTime.dwLowDateTime=0xe6dadbbc, ftLastAccessTime.dwHighDateTime=0x1d95650, ftLastWriteTime.dwLowDateTime=0xe6dadbbc, ftLastWriteTime.dwHighDateTime=0x1d95650, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.46188758-41e3-4841-a58f-66369ba283d7.1.etl", cAlternateFileName="MO1A63~1.ETL")) returned 1 [0211.858] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x203916f4, ftCreationTime.dwHighDateTime=0x1d942a2, ftLastAccessTime.dwLowDateTime=0x260b3628, ftLastAccessTime.dwHighDateTime=0x1d942a2, ftLastWriteTime.dwLowDateTime=0x260b3628, ftLastWriteTime.dwHighDateTime=0x1d942a2, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.5bbaa2c1-413e-4bdb-9c4a-ef49bb8a0eef.1.etl", cAlternateFileName="MOF0D1~1.ETL")) returned 1 [0211.858] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa821d3d0, ftCreationTime.dwHighDateTime=0x1d9b55c, ftLastAccessTime.dwLowDateTime=0xabec47fd, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0xabec47fd, ftLastWriteTime.dwHighDateTime=0x1d9b55c, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.5e9f0f35-c261-4fbb-9287-c68220ad6796.1.etl", cAlternateFileName="MOCAD0~1.ETL")) returned 1 [0211.858] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x16aff6a3, ftCreationTime.dwHighDateTime=0x1d9a99f, ftLastAccessTime.dwLowDateTime=0x1d21e1aa, ftLastAccessTime.dwHighDateTime=0x1d9a99f, ftLastWriteTime.dwLowDateTime=0x1d21e1aa, ftLastWriteTime.dwHighDateTime=0x1d9a99f, nFileSizeHigh=0x0, nFileSizeLow=0x9000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.67cc9c24-7d55-45a0-b9d2-2e15f5adb661.1.etl", cAlternateFileName="MO7B1A~1.ETL")) returned 1 [0211.858] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf3b483d6, ftCreationTime.dwHighDateTime=0x1d9a99d, ftLastAccessTime.dwLowDateTime=0xfcc917a7, ftLastAccessTime.dwHighDateTime=0x1d9a99d, ftLastWriteTime.dwLowDateTime=0xfcc917a7, ftLastWriteTime.dwHighDateTime=0x1d9a99d, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.949de3f3-4dd7-4297-b312-0fa8a5cb537b.1.etl", cAlternateFileName="MOC39D~1.ETL")) returned 1 [0211.858] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x14118f7e, ftCreationTime.dwHighDateTime=0x1d9a99e, ftLastAccessTime.dwLowDateTime=0x19417b1b, ftLastAccessTime.dwHighDateTime=0x1d9a99e, ftLastWriteTime.dwLowDateTime=0x19417b1b, ftLastWriteTime.dwHighDateTime=0x1d9a99e, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.9febe174-f3a2-4c06-bb00-5ed90fcc4e26.1.etl", cAlternateFileName="MO3B09~1.ETL")) returned 1 [0211.858] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9d9cb7ee, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0xa4b31708, ftLastAccessTime.dwHighDateTime=0x1d9429b, ftLastWriteTime.dwLowDateTime=0xa4b31708, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x9000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.a7c95735-b40a-4395-9dc8-2e0487654b66.1.etl", cAlternateFileName="MOUSOC~1.ETL")) returned 1 [0211.859] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7c990a7, ftCreationTime.dwHighDateTime=0x1d9767d, ftLastAccessTime.dwLowDateTime=0xbfdf09ac, ftLastAccessTime.dwHighDateTime=0x1d9767d, ftLastWriteTime.dwLowDateTime=0xbfdf09ac, ftLastWriteTime.dwHighDateTime=0x1d9767d, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.aa537cb6-74e9-4ff9-ba14-3e9f8d3747da.1.etl", cAlternateFileName="MOBF74~1.ETL")) returned 1 [0211.859] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8624f55, ftCreationTime.dwHighDateTime=0x1d9767e, ftLastAccessTime.dwLowDateTime=0xe2ae334, ftLastAccessTime.dwHighDateTime=0x1d9767e, ftLastWriteTime.dwLowDateTime=0xe2ae334, ftLastWriteTime.dwHighDateTime=0x1d9767e, nFileSizeHigh=0x0, nFileSizeLow=0x9000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.b6392362-418b-4983-aad2-7a5599c42667.1.etl", cAlternateFileName="MO68D0~1.ETL")) returned 1 [0211.859] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc4e59b5d, ftCreationTime.dwHighDateTime=0x1d9630e, ftLastAccessTime.dwLowDateTime=0xca290852, ftLastAccessTime.dwHighDateTime=0x1d9630e, ftLastWriteTime.dwLowDateTime=0xca290852, ftLastWriteTime.dwHighDateTime=0x1d9630e, nFileSizeHigh=0x0, nFileSizeLow=0x9000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.bf7338f1-6627-469e-a056-d55405e78564.1.etl", cAlternateFileName="MOB75D~1.ETL")) returned 1 [0211.859] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb04d4afb, ftCreationTime.dwHighDateTime=0x1d942a1, ftLastAccessTime.dwLowDateTime=0xb6ec70cf, ftLastAccessTime.dwHighDateTime=0x1d942a1, ftLastWriteTime.dwLowDateTime=0xb6ec70cf, ftLastWriteTime.dwHighDateTime=0x1d942a1, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.c1b1f819-d92a-4efc-a66f-4b4f38e92e97.1.etl", cAlternateFileName="MO368C~1.ETL")) returned 1 [0211.859] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8a574684, ftCreationTime.dwHighDateTime=0x1d9b55e, ftLastAccessTime.dwLowDateTime=0x8f128257, ftLastAccessTime.dwHighDateTime=0x1d9b55e, ftLastWriteTime.dwLowDateTime=0x8f128257, ftLastWriteTime.dwHighDateTime=0x1d9b55e, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.c28714fa-5b41-4965-ac21-8923d8ca11ab.1.etl", cAlternateFileName="MO4E17~1.ETL")) returned 1 [0211.859] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1b4c07aa, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x42e45678, ftLastAccessTime.dwHighDateTime=0x1d9b560, ftLastWriteTime.dwLowDateTime=0x42e45678, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.ceebc313-810e-4120-b8e4-a70d5b25ecec.1.etl", cAlternateFileName="MO4EBD~1.ETL")) returned 1 [0211.859] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2000, ftCreationTime.dwLowDateTime=0xe3e85b1f, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xe3e85b1f, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe3e85b1f, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.d11e3800-c3a4-4273-b371-986efa3e7ae0.1.etl", cAlternateFileName="MOE6FE~1.ETL")) returned 1 [0211.859] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd4230713, ftCreationTime.dwHighDateTime=0x1d9767d, ftLastAccessTime.dwLowDateTime=0xda1684b8, ftLastAccessTime.dwHighDateTime=0x1d9767d, ftLastWriteTime.dwLowDateTime=0xda1684b8, ftLastWriteTime.dwHighDateTime=0x1d9767d, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MoUsoCoreWorker.e23e5c5b-7112-4a23-a761-8e8a2cd6df16.1.etl", cAlternateFileName="MOFFE1~1.ETL")) returned 1 [0211.859] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x845b2bd, ftCreationTime.dwHighDateTime=0x1d9767e, ftLastAccessTime.dwLowDateTime=0xa94f9c0, ftLastAccessTime.dwHighDateTime=0x1d9767e, ftLastWriteTime.dwLowDateTime=0xa94f9c0, ftLastWriteTime.dwHighDateTime=0x1d9767e, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NotificationUxBroker.9b6efe9a-911a-4d80-80c1-731495176dd0.1.etl", cAlternateFileName="NOTIFI~2.ETL")) returned 1 [0211.860] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6b0ea4d, ftCreationTime.dwHighDateTime=0x1d9b55f, ftLastAccessTime.dwLowDateTime=0x9a4b1fa, ftLastAccessTime.dwHighDateTime=0x1d9b55f, ftLastWriteTime.dwLowDateTime=0x9a4b1fa, ftLastWriteTime.dwHighDateTime=0x1d9b55f, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NotificationUxBroker.9efa21af-b7b4-4c6b-b471-10a4c3d74c2f.1.etl", cAlternateFileName="NOTIFI~4.ETL")) returned 1 [0211.860] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9d8e6c22, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0x9f80b771, ftLastAccessTime.dwHighDateTime=0x1d9429b, ftLastWriteTime.dwLowDateTime=0x9f80b771, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NotificationUxBroker.b8bf9883-cf50-427e-a2d0-b7eb86974285.1.etl", cAlternateFileName="NOTIFI~1.ETL")) returned 1 [0211.860] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x16aff6a3, ftCreationTime.dwHighDateTime=0x1d9a99f, ftLastAccessTime.dwLowDateTime=0x194de8ee, ftLastAccessTime.dwHighDateTime=0x1d9a99f, ftLastWriteTime.dwLowDateTime=0x194de8ee, ftLastWriteTime.dwHighDateTime=0x1d9a99f, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NotificationUxBroker.de479f88-40e2-42ff-91e9-5628ba765728.1.etl", cAlternateFileName="NOTIFI~3.ETL")) returned 1 [0211.860] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2000, ftCreationTime.dwLowDateTime=0xdba19871, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xdba19871, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xdba19871, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NotificationUxBroker.def7c1ec-e0b1-4195-b052-c9aeae8d0f63.1.etl", cAlternateFileName="NO3B71~1.ETL")) returned 1 [0211.860] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdd32739f, ftCreationTime.dwHighDateTime=0x1d95650, ftLastAccessTime.dwLowDateTime=0xe998847, ftLastAccessTime.dwHighDateTime=0x1d95651, ftLastWriteTime.dwLowDateTime=0xe998847, ftLastWriteTime.dwHighDateTime=0x1d95651, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.091f3a1c-1ac9-466e-9861-8beb7e3fb40d.1.etl", cAlternateFileName="UPDF2E~1.ETL")) returned 1 [0211.860] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb703acc5, ftCreationTime.dwHighDateTime=0x1d9767d, ftLastAccessTime.dwLowDateTime=0x3f5eb314, ftLastAccessTime.dwHighDateTime=0x1d9767f, ftLastWriteTime.dwLowDateTime=0x3f5eb314, ftLastWriteTime.dwHighDateTime=0x1d9767f, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.0d1807f8-9e08-4bf5-8a5c-c54428ba48e9.1.etl", cAlternateFileName="UP32B3~1.ETL")) returned 1 [0211.860] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2000, ftCreationTime.dwLowDateTime=0x33373806, ftCreationTime.dwHighDateTime=0x1d9b55e, ftLastAccessTime.dwLowDateTime=0x33373806, ftLastAccessTime.dwHighDateTime=0x1d9b55e, ftLastWriteTime.dwLowDateTime=0x33373806, ftLastWriteTime.dwHighDateTime=0x1d9b55e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.19f89a1c-6770-495c-953a-c6f9f1af75be.1.etl", cAlternateFileName="UP281E~1.ETL")) returned 1 [0211.860] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfa074f41, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0xaef68ae3, ftLastAccessTime.dwHighDateTime=0x1d94213, ftLastWriteTime.dwLowDateTime=0xaef68ae3, ftLastWriteTime.dwHighDateTime=0x1d94213, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.2f1a7de1-d5b2-4cfd-ab29-2687ac8b218d.1.etl", cAlternateFileName="UPDATE~2.ETL")) returned 1 [0211.860] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61636b2a, ftCreationTime.dwHighDateTime=0x1d94214, ftLastAccessTime.dwLowDateTime=0x28589843, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0x28589843, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.533170d5-be28-4fd7-aa45-5d27c8ea2094.1.etl", cAlternateFileName="UPDATE~3.ETL")) returned 1 [0211.860] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x116a1566, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0xb171be3d, ftLastAccessTime.dwHighDateTime=0x1d9429b, ftLastWriteTime.dwLowDateTime=0xb171be3d, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.55b5d71c-f2f7-4712-87f7-c75fe712170e.1.etl", cAlternateFileName="UP44E1~1.ETL")) returned 1 [0211.860] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf36371e7, ftCreationTime.dwHighDateTime=0x1d9a99d, ftLastAccessTime.dwLowDateTime=0x8d262504, ftLastAccessTime.dwHighDateTime=0x1d9a99f, ftLastWriteTime.dwLowDateTime=0x8d262504, ftLastWriteTime.dwHighDateTime=0x1d9a99f, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.564e7fd7-9769-4d45-8368-96a56f6de4a7.1.etl", cAlternateFileName="UP7F10~1.ETL")) returned 1 [0211.861] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x200bcad7, ftCreationTime.dwHighDateTime=0x1d942a2, ftLastAccessTime.dwLowDateTime=0x2f926a52, ftLastAccessTime.dwHighDateTime=0x1d942a2, ftLastWriteTime.dwLowDateTime=0x2f926a52, ftLastWriteTime.dwHighDateTime=0x1d942a2, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.7c9ff45e-a860-46a4-9274-04c1638ced81.1.etl", cAlternateFileName="UPDC4C~1.ETL")) returned 1 [0211.861] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x16a8a919, ftCreationTime.dwHighDateTime=0x1d942b2, ftLastAccessTime.dwLowDateTime=0x1de05688, ftLastAccessTime.dwHighDateTime=0x1d942b2, ftLastWriteTime.dwLowDateTime=0x1de05688, ftLastWriteTime.dwHighDateTime=0x1d942b2, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.9c2a3bf2-b6c9-465f-bf25-5edd408af5c6.1.etl", cAlternateFileName="UPAA8C~1.ETL")) returned 1 [0211.861] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c3f9e52, ftCreationTime.dwHighDateTime=0x1d9b55c, ftLastAccessTime.dwLowDateTime=0xaf5319be, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0xaf5319be, ftLastWriteTime.dwHighDateTime=0x1d9b55c, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.a8237c17-8e25-49d1-baf0-f067578211ec.1.etl", cAlternateFileName="UP7E66~1.ETL")) returned 1 [0211.861] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa3a6cdb4, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0xd1271637, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xd1271637, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.af0edc42-f07d-4a73-8e3b-088bf7438c49.1.etl", cAlternateFileName="UPDATE~4.ETL")) returned 1 [0211.861] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc4cdc370, ftCreationTime.dwHighDateTime=0x1d9630e, ftLastAccessTime.dwLowDateTime=0xca290852, ftLastAccessTime.dwHighDateTime=0x1d9630e, ftLastWriteTime.dwLowDateTime=0xca290852, ftLastWriteTime.dwHighDateTime=0x1d9630e, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.b7728164-1be3-4155-9a63-db3832571f6a.1.etl", cAlternateFileName="UPEDEB~1.ETL")) returned 1 [0211.861] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7296e522, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x9dcaddda, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x9dcaddda, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.c273e930-5893-4011-aea4-2e7a96a9bebb.1.etl", cAlternateFileName="UPDATE~1.ETL")) returned 1 [0211.861] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8029ec4a, ftCreationTime.dwHighDateTime=0x1d942a0, ftLastAccessTime.dwLowDateTime=0xe02cadb9, ftLastAccessTime.dwHighDateTime=0x1d942a1, ftLastWriteTime.dwLowDateTime=0xe02cadb9, ftLastWriteTime.dwHighDateTime=0x1d942a1, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.e92857bd-b2e1-42df-b8ac-8f5ac4e444e8.1.etl", cAlternateFileName="UP1BE6~1.ETL")) returned 1 [0211.861] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6dfa06e0, ftCreationTime.dwHighDateTime=0x1d94217, ftLastAccessTime.dwLowDateTime=0xe4372ad1, ftLastAccessTime.dwHighDateTime=0x1d94217, ftLastWriteTime.dwLowDateTime=0xe4372ad1, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateSessionOrchestration.fd2baf34-db53-44bb-8c2d-0a670814393f.1.etl", cAlternateFileName="UP9687~1.ETL")) returned 1 [0211.861] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2000, ftCreationTime.dwLowDateTime=0xe3f6a78c, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xe3f6a78c, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe3f6a78c, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.039e2540-3d91-4a35-8289-1ebd042199b8.1.etl", cAlternateFileName="WUAB83~1.ETL")) returned 1 [0211.861] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf1f26cec, ftCreationTime.dwHighDateTime=0x1d95650, ftLastAccessTime.dwLowDateTime=0xf69ce67a, ftLastAccessTime.dwHighDateTime=0x1d95650, ftLastWriteTime.dwLowDateTime=0xf69ce67a, ftLastWriteTime.dwHighDateTime=0x1d95650, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.3281a430-90a4-40af-a6c7-d02ed7cde178.1.etl", cAlternateFileName="WUB2D9~1.ETL")) returned 1 [0211.861] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x890a1029, ftCreationTime.dwHighDateTime=0x1d942a0, ftLastAccessTime.dwLowDateTime=0x8d6aa330, ftLastAccessTime.dwHighDateTime=0x1d942a0, ftLastWriteTime.dwLowDateTime=0x8d6aa330, ftLastWriteTime.dwHighDateTime=0x1d942a0, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.32e3f843-2fcf-4029-bb97-750bf85d6bd1.1.etl", cAlternateFileName="WUPROV~4.ETL")) returned 1 [0211.861] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7c990a7, ftCreationTime.dwHighDateTime=0x1d9767d, ftLastAccessTime.dwLowDateTime=0xc00eb8b5, ftLastAccessTime.dwHighDateTime=0x1d9767d, ftLastWriteTime.dwLowDateTime=0xc00eb8b5, ftLastWriteTime.dwHighDateTime=0x1d9767d, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.46140ab9-098c-4f41-8c02-972703b9c7a6.1.etl", cAlternateFileName="WUF046~1.ETL")) returned 1 [0211.861] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8a574684, ftCreationTime.dwHighDateTime=0x1d9b55e, ftLastAccessTime.dwLowDateTime=0x8f449370, ftLastAccessTime.dwHighDateTime=0x1d9b55e, ftLastWriteTime.dwLowDateTime=0x8f449370, ftLastWriteTime.dwHighDateTime=0x1d9b55e, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.4cc1015d-f946-4321-82d7-e4254999c0ef.1.etl", cAlternateFileName="WUC15B~1.ETL")) returned 1 [0211.862] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa8243511, ftCreationTime.dwHighDateTime=0x1d9b55c, ftLastAccessTime.dwLowDateTime=0xac1bf54d, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0xac1bf54d, ftLastWriteTime.dwHighDateTime=0x1d9b55c, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.4e7a6fdc-10fa-4252-b984-61db082bb3c2.1.etl", cAlternateFileName="WU3C7F~1.ETL")) returned 1 [0211.862] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdd51739c, ftCreationTime.dwHighDateTime=0x1d95650, ftLastAccessTime.dwLowDateTime=0xe716758f, ftLastAccessTime.dwHighDateTime=0x1d95650, ftLastWriteTime.dwLowDateTime=0xe716758f, ftLastWriteTime.dwHighDateTime=0x1d95650, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.4f5d4d43-45cf-485f-95aa-73d9e63f11a7.1.etl", cAlternateFileName="WUCFD6~1.ETL")) returned 1 [0211.862] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd4230713, ftCreationTime.dwHighDateTime=0x1d9767d, ftLastAccessTime.dwLowDateTime=0xda4895fc, ftLastAccessTime.dwHighDateTime=0x1d9767d, ftLastWriteTime.dwLowDateTime=0xda4895fc, ftLastWriteTime.dwHighDateTime=0x1d9767d, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.6aa2a6a3-a703-499e-aa1e-aa5f552fe3c0.1.etl", cAlternateFileName="WUAC96~1.ETL")) returned 1 [0211.862] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x16aff6a3, ftCreationTime.dwHighDateTime=0x1d9a99f, ftLastAccessTime.dwLowDateTime=0x1d518f6d, ftLastAccessTime.dwHighDateTime=0x1d9a99f, ftLastWriteTime.dwLowDateTime=0x1d518f6d, ftLastWriteTime.dwHighDateTime=0x1d9a99f, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.76e0b601-1f7f-4a81-85fd-c18bc1169ffe.1.etl", cAlternateFileName="WU368F~1.ETL")) returned 1 [0211.862] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1b4f1938, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x44073771, ftLastAccessTime.dwHighDateTime=0x1d9b560, ftLastWriteTime.dwLowDateTime=0x44073771, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.78007ce4-ee55-48ed-acdb-d96607387330.1.etl", cAlternateFileName="WU4C39~1.ETL")) returned 1 [0211.862] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9d9cb7ee, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0xa4e2c699, ftLastAccessTime.dwHighDateTime=0x1d9429b, ftLastWriteTime.dwLowDateTime=0xa4e2c699, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.892e08ae-1644-4ccf-aa04-b79f3a2d5b93.1.etl", cAlternateFileName="WUPROV~1.ETL")) returned 1 [0211.862] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf3b483d6, ftCreationTime.dwHighDateTime=0x1d9a99d, ftLastAccessTime.dwLowDateTime=0xfd025029, ftLastAccessTime.dwHighDateTime=0x1d9a99d, ftLastWriteTime.dwLowDateTime=0xfd025029, ftLastWriteTime.dwHighDateTime=0x1d9a99d, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.97cf1c97-d47c-4197-a1cd-c8c780ada02c.1.etl", cAlternateFileName="WU9729~1.ETL")) returned 1 [0211.862] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe611c3e, ftCreationTime.dwHighDateTime=0x1d9a99e, ftLastAccessTime.dwLowDateTime=0xc32f6dd2, ftLastAccessTime.dwHighDateTime=0x1d9a99e, ftLastWriteTime.dwLowDateTime=0xc32f6dd2, ftLastWriteTime.dwHighDateTime=0x1d9a99e, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.98e31f01-97a3-4094-8bdf-02446795a1a3.1.etl", cAlternateFileName="WU05B9~1.ETL")) returned 1 [0211.862] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa68fef1d, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0xaadda949, ftLastAccessTime.dwHighDateTime=0x1d9429b, ftLastWriteTime.dwLowDateTime=0xaadda949, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.9b39073d-d672-41af-a7a0-6d0e9dc5ee9f.1.etl", cAlternateFileName="WUPROV~2.ETL")) returned 1 [0211.863] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x19a4cc56, ftCreationTime.dwHighDateTime=0x1d942a1, ftLastAccessTime.dwLowDateTime=0x1e9dff93, ftLastAccessTime.dwHighDateTime=0x1d942a1, ftLastWriteTime.dwLowDateTime=0x1e9dff93, ftLastWriteTime.dwHighDateTime=0x1d942a1, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.a7f18856-ef96-474b-9f51-50bac4674871.1.etl", cAlternateFileName="WU5F49~1.ETL")) returned 1 [0211.863] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8092d3d3, ftCreationTime.dwHighDateTime=0x1d942a0, ftLastAccessTime.dwLowDateTime=0x866e7b04, ftLastAccessTime.dwHighDateTime=0x1d942a0, ftLastWriteTime.dwLowDateTime=0x866e7b04, ftLastWriteTime.dwHighDateTime=0x1d942a0, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.b0e7d1a8-1fb0-43bb-8036-d0e50e46dfc8.1.etl", cAlternateFileName="WUPROV~3.ETL")) returned 1 [0211.863] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x14118f7e, ftCreationTime.dwHighDateTime=0x1d9a99e, ftLastAccessTime.dwLowDateTime=0x19712c29, ftLastAccessTime.dwHighDateTime=0x1d9a99e, ftLastWriteTime.dwLowDateTime=0x19712c29, ftLastWriteTime.dwHighDateTime=0x1d9a99e, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.ba8158b7-04ae-4163-a87b-776d5d27abc5.1.etl", cAlternateFileName="WU9ADB~1.ETL")) returned 1 [0211.863] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf638c621, ftCreationTime.dwHighDateTime=0x1d95650, ftLastAccessTime.dwLowDateTime=0xfd5edf60, ftLastAccessTime.dwHighDateTime=0x1d95650, ftLastWriteTime.dwLowDateTime=0xfd5edf60, ftLastWriteTime.dwHighDateTime=0x1d95650, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.c2b0d7a6-9b6f-41a6-9e7e-c398c001e18e.1.etl", cAlternateFileName="WUD4A3~1.ETL")) returned 1 [0211.863] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7ebc8af4, ftCreationTime.dwHighDateTime=0x1d9767e, ftLastAccessTime.dwLowDateTime=0x834ccab5, ftLastAccessTime.dwHighDateTime=0x1d9767e, ftLastWriteTime.dwLowDateTime=0x834ccab5, ftLastWriteTime.dwHighDateTime=0x1d9767e, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.ce1bca5e-3e6b-4bc6-89fd-e88651508c2a.1.etl", cAlternateFileName="WUF58D~1.ETL")) returned 1 [0211.863] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d4b067, ftCreationTime.dwHighDateTime=0x1d9b55f, ftLastAccessTime.dwLowDateTime=0xd659a9b, ftLastAccessTime.dwHighDateTime=0x1d9b55f, ftLastWriteTime.dwLowDateTime=0xd659a9b, ftLastWriteTime.dwHighDateTime=0x1d9b55f, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.da8c22b2-ab18-4e92-9ea3-4548afdcf0f4.1.etl", cAlternateFileName="WUC4F3~1.ETL")) returned 1 [0211.863] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8624f55, ftCreationTime.dwHighDateTime=0x1d9767e, ftLastAccessTime.dwLowDateTime=0xe5a9247, ftLastAccessTime.dwHighDateTime=0x1d9767e, ftLastWriteTime.dwLowDateTime=0xe5a9247, ftLastWriteTime.dwHighDateTime=0x1d9767e, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.de35fe65-e895-4c38-80a5-c07bf9a854d7.1.etl", cAlternateFileName="WU535B~1.ETL")) returned 1 [0211.863] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc4e59b5d, ftCreationTime.dwHighDateTime=0x1d9630e, ftLastAccessTime.dwLowDateTime=0xca58b762, ftLastAccessTime.dwHighDateTime=0x1d9630e, ftLastWriteTime.dwLowDateTime=0xca58b762, ftLastWriteTime.dwHighDateTime=0x1d9630e, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.e6dfcc1f-7393-4fc0-9568-e23788482ca9.1.etl", cAlternateFileName="WU44A6~1.ETL")) returned 1 [0211.863] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x203916f4, ftCreationTime.dwHighDateTime=0x1d942a2, ftLastAccessTime.dwLowDateTime=0x263d5339, ftLastAccessTime.dwHighDateTime=0x1d942a2, ftLastWriteTime.dwLowDateTime=0x263d5339, ftLastWriteTime.dwHighDateTime=0x1d942a2, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.ea8001fb-a5f1-44d8-821b-54028183a38e.1.etl", cAlternateFileName="WU0ADF~1.ETL")) returned 1 [0211.863] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c59d72a, ftCreationTime.dwHighDateTime=0x1d9b55c, ftLastAccessTime.dwLowDateTime=0xa38a6d79, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0xa38a6d79, ftLastWriteTime.dwHighDateTime=0x1d9b55c, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.f6c7a0bb-57dd-466d-83c2-15eca7a451c8.1.etl", cAlternateFileName="WU7457~1.ETL")) returned 1 [0211.863] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb04d4afb, ftCreationTime.dwHighDateTime=0x1d942a1, ftLastAccessTime.dwLowDateTime=0xb71c20a8, ftLastAccessTime.dwHighDateTime=0x1d942a1, ftLastWriteTime.dwLowDateTime=0xb71c20a8, ftLastWriteTime.dwHighDateTime=0x1d942a1, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.f7bce64a-73db-4067-9074-d6a0702c2175.1.etl", cAlternateFileName="WU9424~1.ETL")) returned 1 [0211.863] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb04d4afb, ftCreationTime.dwHighDateTime=0x1d942a1, ftLastAccessTime.dwLowDateTime=0xb71c20a8, ftLastAccessTime.dwHighDateTime=0x1d942a1, ftLastWriteTime.dwLowDateTime=0xb71c20a8, ftLastWriteTime.dwHighDateTime=0x1d942a1, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WuProvider.f7bce64a-73db-4067-9074-d6a0702c2175.1.etl", cAlternateFileName="WU9424~1.ETL")) returned 0 [0211.864] FindClose (in: hFindFile=0x601a20 | out: hFindFile=0x601a20) returned 1 [0211.864] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea88) returned 1 [0211.864] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceca8) returned 1 [0211.864] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.864] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\USOShared\\Logs\\User", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\USOShared\\Logs\\User", lpFilePart=0x0) returned 0x26 [0211.865] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\USOShared\\Logs\\User\\*.*" (normalized: "c:\\users\\all users\\usoshared\\logs\\user\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fded3d9, ftCreationTime.dwHighDateTime=0x1d61756, ftLastAccessTime.dwLowDateTime=0xd4535f2, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x108e31f1, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0211.865] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fded3d9, ftCreationTime.dwHighDateTime=0x1d61756, ftLastAccessTime.dwLowDateTime=0xd4535f2, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x108e31f1, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.866] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8ffaa83, ftCreationTime.dwHighDateTime=0x1d9767e, ftLastAccessTime.dwLowDateTime=0x912bd81, ftLastAccessTime.dwHighDateTime=0x1d9767e, ftLastWriteTime.dwLowDateTime=0x912bd81, ftLastWriteTime.dwHighDateTime=0x1d9767e, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NotificationUx.08717b80-99b6-4f56-ac9a-87e0d9e274ca.1.etl", cAlternateFileName="NOTIFI~2.ETL")) returned 1 [0211.866] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8a0d6b0, ftCreationTime.dwHighDateTime=0x1d9b55f, ftLastAccessTime.dwLowDateTime=0x8d083d8, ftLastAccessTime.dwHighDateTime=0x1d9b55f, ftLastWriteTime.dwLowDateTime=0x8d083d8, ftLastWriteTime.dwHighDateTime=0x1d9b55f, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NotificationUx.25012010-3c6c-4eae-a3ff-d9cec04f4dcf.1.etl", cAlternateFileName="NOTIFI~4.ETL")) returned 1 [0211.866] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1885a455, ftCreationTime.dwHighDateTime=0x1d9a99f, ftLastAccessTime.dwLowDateTime=0x189fecb6, ftLastAccessTime.dwHighDateTime=0x1d9a99f, ftLastWriteTime.dwLowDateTime=0x189fecb6, ftLastWriteTime.dwHighDateTime=0x1d9a99f, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NotificationUx.75030211-9520-4700-a64c-07c20a2837ed.1.etl", cAlternateFileName="NOTIFI~3.ETL")) returned 1 [0211.867] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9e7f38e5, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0x9e8b24cb, ftLastAccessTime.dwHighDateTime=0x1d9429b, ftLastWriteTime.dwLowDateTime=0x9e8b24cb, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NotificationUx.c9c42ed2-effb-4a72-a6c2-e03c217d1902.1.etl", cAlternateFileName="NOTIFI~1.ETL")) returned 1 [0211.867] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2000, ftCreationTime.dwLowDateTime=0xd4535f2, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0xd4535f2, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xd4535f2, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NotificationUx.d708f38a-e619-4442-9d64-a8f27d266162.1.etl", cAlternateFileName="NOAD99~1.ETL")) returned 1 [0211.867] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x194de8ee, ftCreationTime.dwHighDateTime=0x1d9a99f, ftLastAccessTime.dwLowDateTime=0x19930c6b, ftLastAccessTime.dwHighDateTime=0x1d9a99f, ftLastWriteTime.dwLowDateTime=0x19930c6b, ftLastWriteTime.dwHighDateTime=0x1d9a99f, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NotifyIcon.2944d9b2-6297-4fb8-9e3c-3d395b897b3d.1.etl", cAlternateFileName="NOTIFY~3.ETL")) returned 1 [0211.867] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9f857cdd, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0x9f8ca38d, ftLastAccessTime.dwHighDateTime=0x1d9429b, ftLastWriteTime.dwLowDateTime=0x9f8ca38d, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NotifyIcon.c473f0a7-ead1-4cb3-b58d-efc61e862a24.1.etl", cAlternateFileName="NOTIFY~1.ETL")) returned 1 [0211.867] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa464cb5, ftCreationTime.dwHighDateTime=0x1d9767e, ftLastAccessTime.dwLowDateTime=0xa9e83d6, ftLastAccessTime.dwHighDateTime=0x1d9767e, ftLastWriteTime.dwLowDateTime=0xa9e83d6, ftLastWriteTime.dwHighDateTime=0x1d9767e, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NotifyIcon.d7fc2398-1362-4473-9e05-0b58cb5dbf0f.1.etl", cAlternateFileName="NOTIFY~2.ETL")) returned 1 [0211.867] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x94a1866, ftCreationTime.dwHighDateTime=0x1d9b55f, ftLastAccessTime.dwLowDateTime=0x9ae3bf7, ftLastAccessTime.dwHighDateTime=0x1d9b55f, ftLastWriteTime.dwLowDateTime=0x9ae3bf7, ftLastWriteTime.dwHighDateTime=0x1d9b55f, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NotifyIcon.e552afb3-45d9-4e7d-bda0-3988d9820878.1.etl", cAlternateFileName="NOTIFY~4.ETL")) returned 1 [0211.867] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdcfb9e54, ftCreationTime.dwHighDateTime=0x1d95650, ftLastAccessTime.dwLowDateTime=0xdf0f4960, ftLastAccessTime.dwHighDateTime=0x1d95650, ftLastWriteTime.dwLowDateTime=0xdf0f4960, ftLastWriteTime.dwHighDateTime=0x1d95650, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateUx.06fa1018-649b-4764-9ded-5512cca85b37.1.etl", cAlternateFileName="UPDATE~4.ETL")) returned 1 [0211.868] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8003ccfc, ftCreationTime.dwHighDateTime=0x1d942a0, ftLastAccessTime.dwLowDateTime=0x82983462, ftLastAccessTime.dwHighDateTime=0x1d942a0, ftLastWriteTime.dwLowDateTime=0x82983462, ftLastWriteTime.dwHighDateTime=0x1d942a0, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateUx.53421227-2d39-4add-ae60-1a977b6ea03c.1.etl", cAlternateFileName="UPDATE~1.ETL")) returned 1 [0211.868] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb01b378c, ftCreationTime.dwHighDateTime=0x1d942a1, ftLastAccessTime.dwLowDateTime=0xb2dcf0b5, ftLastAccessTime.dwHighDateTime=0x1d942a1, ftLastWriteTime.dwLowDateTime=0xb2dcf0b5, ftLastWriteTime.dwHighDateTime=0x1d942a1, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateUx.66119a18-2d8d-4a66-aed8-4cbdd77959dc.1.etl", cAlternateFileName="UPDATE~2.ETL")) returned 1 [0211.868] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf5bccbe1, ftCreationTime.dwHighDateTime=0x1d95650, ftLastAccessTime.dwLowDateTime=0xf8b09171, ftLastAccessTime.dwHighDateTime=0x1d95650, ftLastWriteTime.dwLowDateTime=0xf8b09171, ftLastWriteTime.dwHighDateTime=0x1d95650, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateUx.a18befe4-7d1c-4d7f-a8c0-523ecad334e7.1.etl", cAlternateFileName="UPDD58~1.ETL")) returned 1 [0211.868] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1fd757d0, ftCreationTime.dwHighDateTime=0x1d942a2, ftLastAccessTime.dwLowDateTime=0x221f7687, ftLastAccessTime.dwHighDateTime=0x1d942a2, ftLastWriteTime.dwLowDateTime=0x221f7687, ftLastWriteTime.dwHighDateTime=0x1d942a2, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateUx.fc177f2c-8897-4c99-905d-aea06ca65070.1.etl", cAlternateFileName="UPDATE~3.ETL")) returned 1 [0211.869] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.869] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0211.869] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb18) returned 1 [0211.869] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced68) returned 1 [0211.869] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.870] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\USOShared\\Logs\\User", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\USOShared\\Logs\\User", lpFilePart=0x0) returned 0x26 [0211.870] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\USOShared\\Logs\\User\\*" (normalized: "c:\\users\\all users\\usoshared\\logs\\user\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fded3d9, ftCreationTime.dwHighDateTime=0x1d61756, ftLastAccessTime.dwLowDateTime=0x12ab2c69, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x108e31f1, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601060 [0211.871] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fded3d9, ftCreationTime.dwHighDateTime=0x1d61756, ftLastAccessTime.dwLowDateTime=0x12ab2c69, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x108e31f1, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.871] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8ffaa83, ftCreationTime.dwHighDateTime=0x1d9767e, ftLastAccessTime.dwLowDateTime=0x912bd81, ftLastAccessTime.dwHighDateTime=0x1d9767e, ftLastWriteTime.dwLowDateTime=0x912bd81, ftLastWriteTime.dwHighDateTime=0x1d9767e, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NotificationUx.08717b80-99b6-4f56-ac9a-87e0d9e274ca.1.etl", cAlternateFileName="NOTIFI~2.ETL")) returned 1 [0211.871] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8a0d6b0, ftCreationTime.dwHighDateTime=0x1d9b55f, ftLastAccessTime.dwLowDateTime=0x8d083d8, ftLastAccessTime.dwHighDateTime=0x1d9b55f, ftLastWriteTime.dwLowDateTime=0x8d083d8, ftLastWriteTime.dwHighDateTime=0x1d9b55f, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NotificationUx.25012010-3c6c-4eae-a3ff-d9cec04f4dcf.1.etl", cAlternateFileName="NOTIFI~4.ETL")) returned 1 [0211.871] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1885a455, ftCreationTime.dwHighDateTime=0x1d9a99f, ftLastAccessTime.dwLowDateTime=0x189fecb6, ftLastAccessTime.dwHighDateTime=0x1d9a99f, ftLastWriteTime.dwLowDateTime=0x189fecb6, ftLastWriteTime.dwHighDateTime=0x1d9a99f, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NotificationUx.75030211-9520-4700-a64c-07c20a2837ed.1.etl", cAlternateFileName="NOTIFI~3.ETL")) returned 1 [0211.871] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9e7f38e5, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0x9e8b24cb, ftLastAccessTime.dwHighDateTime=0x1d9429b, ftLastWriteTime.dwLowDateTime=0x9e8b24cb, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NotificationUx.c9c42ed2-effb-4a72-a6c2-e03c217d1902.1.etl", cAlternateFileName="NOTIFI~1.ETL")) returned 1 [0211.871] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2000, ftCreationTime.dwLowDateTime=0xd4535f2, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0xd4535f2, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xd4535f2, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NotificationUx.d708f38a-e619-4442-9d64-a8f27d266162.1.etl", cAlternateFileName="NOAD99~1.ETL")) returned 1 [0211.871] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x194de8ee, ftCreationTime.dwHighDateTime=0x1d9a99f, ftLastAccessTime.dwLowDateTime=0x19930c6b, ftLastAccessTime.dwHighDateTime=0x1d9a99f, ftLastWriteTime.dwLowDateTime=0x19930c6b, ftLastWriteTime.dwHighDateTime=0x1d9a99f, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NotifyIcon.2944d9b2-6297-4fb8-9e3c-3d395b897b3d.1.etl", cAlternateFileName="NOTIFY~3.ETL")) returned 1 [0211.871] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9f857cdd, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0x9f8ca38d, ftLastAccessTime.dwHighDateTime=0x1d9429b, ftLastWriteTime.dwLowDateTime=0x9f8ca38d, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NotifyIcon.c473f0a7-ead1-4cb3-b58d-efc61e862a24.1.etl", cAlternateFileName="NOTIFY~1.ETL")) returned 1 [0211.871] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa464cb5, ftCreationTime.dwHighDateTime=0x1d9767e, ftLastAccessTime.dwLowDateTime=0xa9e83d6, ftLastAccessTime.dwHighDateTime=0x1d9767e, ftLastWriteTime.dwLowDateTime=0xa9e83d6, ftLastWriteTime.dwHighDateTime=0x1d9767e, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NotifyIcon.d7fc2398-1362-4473-9e05-0b58cb5dbf0f.1.etl", cAlternateFileName="NOTIFY~2.ETL")) returned 1 [0211.871] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x94a1866, ftCreationTime.dwHighDateTime=0x1d9b55f, ftLastAccessTime.dwLowDateTime=0x9ae3bf7, ftLastAccessTime.dwHighDateTime=0x1d9b55f, ftLastWriteTime.dwLowDateTime=0x9ae3bf7, ftLastWriteTime.dwHighDateTime=0x1d9b55f, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NotifyIcon.e552afb3-45d9-4e7d-bda0-3988d9820878.1.etl", cAlternateFileName="NOTIFY~4.ETL")) returned 1 [0211.871] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdcfb9e54, ftCreationTime.dwHighDateTime=0x1d95650, ftLastAccessTime.dwLowDateTime=0xdf0f4960, ftLastAccessTime.dwHighDateTime=0x1d95650, ftLastWriteTime.dwLowDateTime=0xdf0f4960, ftLastWriteTime.dwHighDateTime=0x1d95650, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateUx.06fa1018-649b-4764-9ded-5512cca85b37.1.etl", cAlternateFileName="UPDATE~4.ETL")) returned 1 [0211.871] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8003ccfc, ftCreationTime.dwHighDateTime=0x1d942a0, ftLastAccessTime.dwLowDateTime=0x82983462, ftLastAccessTime.dwHighDateTime=0x1d942a0, ftLastWriteTime.dwLowDateTime=0x82983462, ftLastWriteTime.dwHighDateTime=0x1d942a0, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateUx.53421227-2d39-4add-ae60-1a977b6ea03c.1.etl", cAlternateFileName="UPDATE~1.ETL")) returned 1 [0211.871] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb01b378c, ftCreationTime.dwHighDateTime=0x1d942a1, ftLastAccessTime.dwLowDateTime=0xb2dcf0b5, ftLastAccessTime.dwHighDateTime=0x1d942a1, ftLastWriteTime.dwLowDateTime=0xb2dcf0b5, ftLastWriteTime.dwHighDateTime=0x1d942a1, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateUx.66119a18-2d8d-4a66-aed8-4cbdd77959dc.1.etl", cAlternateFileName="UPDATE~2.ETL")) returned 1 [0211.872] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf5bccbe1, ftCreationTime.dwHighDateTime=0x1d95650, ftLastAccessTime.dwLowDateTime=0xf8b09171, ftLastAccessTime.dwHighDateTime=0x1d95650, ftLastWriteTime.dwLowDateTime=0xf8b09171, ftLastWriteTime.dwHighDateTime=0x1d95650, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateUx.a18befe4-7d1c-4d7f-a8c0-523ecad334e7.1.etl", cAlternateFileName="UPDD58~1.ETL")) returned 1 [0211.872] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1fd757d0, ftCreationTime.dwHighDateTime=0x1d942a2, ftLastAccessTime.dwLowDateTime=0x221f7687, ftLastAccessTime.dwHighDateTime=0x1d942a2, ftLastWriteTime.dwLowDateTime=0x221f7687, ftLastWriteTime.dwHighDateTime=0x1d942a2, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateUx.fc177f2c-8897-4c99-905d-aea06ca65070.1.etl", cAlternateFileName="UPDATE~3.ETL")) returned 1 [0211.872] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1fd757d0, ftCreationTime.dwHighDateTime=0x1d942a2, ftLastAccessTime.dwLowDateTime=0x221f7687, ftLastAccessTime.dwHighDateTime=0x1d942a2, ftLastWriteTime.dwLowDateTime=0x221f7687, ftLastWriteTime.dwHighDateTime=0x1d942a2, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UpdateUx.fc177f2c-8897-4c99-905d-aea06ca65070.1.etl", cAlternateFileName="UPDATE~3.ETL")) returned 0 [0211.872] FindClose (in: hFindFile=0x601060 | out: hFindFile=0x601060) returned 1 [0211.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea88) returned 1 [0211.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceca8) returned 1 [0211.872] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.872] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\WindowsHolographicDevices", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\WindowsHolographicDevices", lpFilePart=0x0) returned 0x2c [0211.873] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\WindowsHolographicDevices\\*.*" (normalized: "c:\\users\\all users\\windowsholographicdevices\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d6a498, ftCreationTime.dwHighDateTime=0x1d5ace4, ftLastAccessTime.dwLowDateTime=0x6d6a498, ftLastAccessTime.dwHighDateTime=0x1d5ace4, ftLastWriteTime.dwLowDateTime=0x6d6a498, ftLastWriteTime.dwHighDateTime=0x1d5ace4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601060 [0211.873] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d6a498, ftCreationTime.dwHighDateTime=0x1d5ace4, ftLastAccessTime.dwLowDateTime=0x6d6a498, ftLastAccessTime.dwHighDateTime=0x1d5ace4, ftLastWriteTime.dwLowDateTime=0x6d6a498, ftLastWriteTime.dwHighDateTime=0x1d5ace4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.873] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d6a498, ftCreationTime.dwHighDateTime=0x1d5ace4, ftLastAccessTime.dwLowDateTime=0x6d6a498, ftLastAccessTime.dwHighDateTime=0x1d5ace4, ftLastWriteTime.dwLowDateTime=0x6d6a498, ftLastWriteTime.dwHighDateTime=0x1d5ace4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SpatialStore", cAlternateFileName="SPATIA~1")) returned 1 [0211.873] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d6a498, ftCreationTime.dwHighDateTime=0x1d5ace4, ftLastAccessTime.dwLowDateTime=0x6d6a498, ftLastAccessTime.dwHighDateTime=0x1d5ace4, ftLastWriteTime.dwLowDateTime=0x6d6a498, ftLastWriteTime.dwHighDateTime=0x1d5ace4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SpatialStore", cAlternateFileName="SPATIA~1")) returned 0 [0211.873] FindClose (in: hFindFile=0x601060 | out: hFindFile=0x601060) returned 1 [0211.873] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0211.873] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0211.874] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.874] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\WindowsHolographicDevices", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\WindowsHolographicDevices", lpFilePart=0x0) returned 0x2c [0211.874] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\WindowsHolographicDevices\\*" (normalized: "c:\\users\\all users\\windowsholographicdevices\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d6a498, ftCreationTime.dwHighDateTime=0x1d5ace4, ftLastAccessTime.dwLowDateTime=0x12ab2c69, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x6d6a498, ftLastWriteTime.dwHighDateTime=0x1d5ace4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.874] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d6a498, ftCreationTime.dwHighDateTime=0x1d5ace4, ftLastAccessTime.dwLowDateTime=0x12ab2c69, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x6d6a498, ftLastWriteTime.dwHighDateTime=0x1d5ace4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.874] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d6a498, ftCreationTime.dwHighDateTime=0x1d5ace4, ftLastAccessTime.dwLowDateTime=0x6d6a498, ftLastAccessTime.dwHighDateTime=0x1d5ace4, ftLastWriteTime.dwLowDateTime=0x6d6a498, ftLastWriteTime.dwHighDateTime=0x1d5ace4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SpatialStore", cAlternateFileName="SPATIA~1")) returned 1 [0211.874] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.874] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.875] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0211.875] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0211.875] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.875] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\WindowsHolographicDevices\\SpatialStore", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\WindowsHolographicDevices\\SpatialStore", lpFilePart=0x0) returned 0x39 [0211.875] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\WindowsHolographicDevices\\SpatialStore\\*.*" (normalized: "c:\\users\\all users\\windowsholographicdevices\\spatialstore\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d6a498, ftCreationTime.dwHighDateTime=0x1d5ace4, ftLastAccessTime.dwLowDateTime=0x6d6a498, ftLastAccessTime.dwHighDateTime=0x1d5ace4, ftLastWriteTime.dwLowDateTime=0x6d6a498, ftLastWriteTime.dwHighDateTime=0x1d5ace4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601960 [0211.875] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d6a498, ftCreationTime.dwHighDateTime=0x1d5ace4, ftLastAccessTime.dwLowDateTime=0x6d6a498, ftLastAccessTime.dwHighDateTime=0x1d5ace4, ftLastWriteTime.dwLowDateTime=0x6d6a498, ftLastWriteTime.dwHighDateTime=0x1d5ace4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.875] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d6a498, ftCreationTime.dwHighDateTime=0x1d5ace4, ftLastAccessTime.dwLowDateTime=0x6d6a498, ftLastAccessTime.dwHighDateTime=0x1d5ace4, ftLastWriteTime.dwLowDateTime=0x6d6a498, ftLastWriteTime.dwHighDateTime=0x1d5ace4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.875] FindClose (in: hFindFile=0x601960 | out: hFindFile=0x601960) returned 1 [0211.876] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0211.876] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0211.876] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.876] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\WindowsHolographicDevices\\SpatialStore", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\WindowsHolographicDevices\\SpatialStore", lpFilePart=0x0) returned 0x39 [0211.876] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\WindowsHolographicDevices\\SpatialStore\\*" (normalized: "c:\\users\\all users\\windowsholographicdevices\\spatialstore\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d6a498, ftCreationTime.dwHighDateTime=0x1d5ace4, ftLastAccessTime.dwLowDateTime=0x12ab2c69, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x6d6a498, ftLastWriteTime.dwHighDateTime=0x1d5ace4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600d60 [0211.876] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d6a498, ftCreationTime.dwHighDateTime=0x1d5ace4, ftLastAccessTime.dwLowDateTime=0x12ab2c69, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x6d6a498, ftLastWriteTime.dwHighDateTime=0x1d5ace4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.876] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d6a498, ftCreationTime.dwHighDateTime=0x1d5ace4, ftLastAccessTime.dwLowDateTime=0x12ab2c69, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x6d6a498, ftLastWriteTime.dwHighDateTime=0x1d5ace4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.877] FindClose (in: hFindFile=0x600d60 | out: hFindFile=0x600d60) returned 1 [0211.877] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0211.877] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0211.877] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.877] GetFullPathNameW (in: lpFileName="C:\\Users\\Default", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default", lpFilePart=0x0) returned 0x10 [0211.877] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\*.*" (normalized: "c:\\users\\default\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x3a6eea36, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x81178c05, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601a20 [0211.878] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x3a6eea36, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x81178c05, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.878] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0211.878] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x81152ca7, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x81152ca7, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x81152ca7, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0211.878] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x81178c05, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x81178c05, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x81178c05, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0211.878] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x7990aebb, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0211.878] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x81152ca7, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0211.879] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0211.879] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0211.879] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0211.879] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x81178c05, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x81178c05, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x81178c05, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0211.879] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0211.879] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x81152ca7, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x81152ca7, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x81152ca7, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0211.879] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x81178c05, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x81178c05, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x81178c05, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetHood", cAlternateFileName="")) returned 1 [0211.879] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3a7365ba, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x804b354c, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0211.879] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3a86a02b, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x3a86a02b, ftLastAccessTime.dwHighDateTime=0x1d5acdd, ftLastWriteTime.dwLowDateTime=0x3a86a02b, ftLastWriteTime.dwHighDateTime=0x1d5acdd, nFileSizeHigh=0x0, nFileSizeLow=0xe000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT.LOG1", cAlternateFileName="")) returned 1 [0211.879] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3a86a02b, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x4f050e5b, ftLastAccessTime.dwHighDateTime=0x1d9425b, ftLastWriteTime.dwLowDateTime=0x3a86a02b, ftLastWriteTime.dwHighDateTime=0x1d5acdd, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT.LOG2", cAlternateFileName="")) returned 1 [0211.879] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x803ce8b1, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x8041ad54, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x8041ad54, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0211.879] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x803f4a5d, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x803f4a5d, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x803f4a5d, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0211.879] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x803f4a5d, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x803f4a5d, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x803f4a5d, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0211.881] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0211.881] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x81178c05, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x81178c05, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x81178c05, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0211.881] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x81178c05, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x81178c05, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x81178c05, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0211.881] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Saved Games", cAlternateFileName="")) returned 1 [0211.881] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x81178c05, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x81178c05, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x81178c05, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0211.882] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x81178c05, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x81178c05, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x81178c05, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0211.882] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x81178c05, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x81178c05, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x81178c05, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0211.882] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0211.882] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 0 [0211.882] FindClose (in: hFindFile=0x601a20 | out: hFindFile=0x601a20) returned 1 [0211.882] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0211.882] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0211.882] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0211.883] GetFullPathNameW (in: lpFileName="C:\\Users\\Default", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default", lpFilePart=0x0) returned 0x10 [0211.883] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\*" (normalized: "c:\\users\\default\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x3a6eea36, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x12ad8e8d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x81178c05, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0211.883] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x3a6eea36, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x12ad8e8d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x81178c05, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.883] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0211.883] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x81152ca7, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x81152ca7, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x81152ca7, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0211.884] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x81178c05, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x81178c05, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x81178c05, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0211.884] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x7990aebb, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0211.884] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x81152ca7, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0211.884] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0211.884] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0211.884] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0211.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0211.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0211.886] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.887] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\*.*" (normalized: "c:\\users\\default\\appdata\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601600 [0211.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0211.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0211.888] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.889] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\*" (normalized: "c:\\users\\default\\appdata\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12ad8e8d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601600 [0211.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0211.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0211.889] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.889] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\*.*" (normalized: "c:\\users\\default\\appdata\\roaming\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xf901863, ftLastWriteTime.dwHighDateTime=0x1d5ace1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601780 [0211.890] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0211.890] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0211.890] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0211.890] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\*" (normalized: "c:\\users\\default\\appdata\\roaming\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12ad8e8d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xf901863, ftLastWriteTime.dwHighDateTime=0x1d5ace1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.892] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0211.892] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0211.892] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.892] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\*.*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xf901863, ftLastWriteTime.dwHighDateTime=0x1d5ace1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.893] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb18) returned 1 [0211.893] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced68) returned 1 [0211.893] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0211.893] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12ad8e8d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xf901863, ftLastWriteTime.dwHighDateTime=0x1d5ace1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0211.893] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea88) returned 1 [0211.894] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceca8) returned 1 [0211.894] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0211.894] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*.*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xf901863, ftLastWriteTime.dwHighDateTime=0x1d5ace1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601600 [0211.894] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0211.895] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0211.895] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0211.895] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12ad8e8d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xf901863, ftLastWriteTime.dwHighDateTime=0x1d5ace1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0211.895] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0211.895] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0211.895] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0211.896] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*.*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\*.*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xce8a6a8c, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0211.896] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce918) returned 1 [0211.896] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb68) returned 1 [0211.896] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0211.899] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12ad8e8d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xce8a6a8c, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6011e0 [0211.899] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce888) returned 1 [0211.899] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceaa8) returned 1 [0211.899] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0211.900] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\*.*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xb96059c, ftLastWriteTime.dwHighDateTime=0x1d5ace1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601000 [0211.905] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0211.905] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0211.905] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0211.906] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12b000cb, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xb96059c, ftLastWriteTime.dwHighDateTime=0x1d5ace1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6018a0 [0211.910] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0211.910] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0211.910] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0211.910] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\CloudStore\\*.*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\cloudstore\\*.*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6011e0 [0211.924] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce918) returned 1 [0211.924] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb68) returned 1 [0211.924] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0211.924] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\CloudStore\\*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\cloudstore\\*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12b3c947, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0211.924] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce888) returned 1 [0211.924] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceaa8) returned 1 [0211.925] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0211.925] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\*.*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\network shortcuts\\*.*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6012a0 [0211.925] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce918) returned 1 [0211.926] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb68) returned 1 [0211.926] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0211.926] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\network shortcuts\\*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12b3c947, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601720 [0211.927] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce888) returned 1 [0211.927] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceaa8) returned 1 [0211.927] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0211.927] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\*.*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\printer shortcuts\\*.*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.928] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce918) returned 1 [0211.928] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb68) returned 1 [0211.928] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0211.929] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\printer shortcuts\\*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12b3c947, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.929] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce888) returned 1 [0211.929] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceaa8) returned 1 [0211.929] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0211.929] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\*.*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\*.*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601840 [0211.930] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce918) returned 1 [0211.930] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb68) returned 1 [0211.930] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0211.930] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12b4b3e2, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601720 [0211.930] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce888) returned 1 [0211.930] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceaa8) returned 1 [0211.930] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0211.931] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\*.*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\*.*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc8f3b581, ftLastWriteTime.dwHighDateTime=0x1d5ace3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.936] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce918) returned 1 [0211.936] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb68) returned 1 [0211.936] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0211.936] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12b4b3e2, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc8f3b581, ftLastWriteTime.dwHighDateTime=0x1d5ace3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601900 [0211.939] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce888) returned 1 [0211.939] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceaa8) returned 1 [0211.940] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0211.940] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\*.*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\*.*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6012a0 [0211.940] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce918) returned 1 [0211.940] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb68) returned 1 [0211.941] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0211.941] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12b4b3e2, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0211.941] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce888) returned 1 [0211.941] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceaa8) returned 1 [0211.941] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcea88) returned 1 [0211.941] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\*.*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\*.*"), lpFindFileData=0x1abce830 | out: lpFindFileData=0x1abce830*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x5316e1c3, ftLastAccessTime.dwHighDateTime=0x1d94217, ftLastWriteTime.dwLowDateTime=0x5316e1c3, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.946] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce818) returned 1 [0211.946] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea68) returned 1 [0211.946] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcea88) returned 1 [0211.946] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\*"), lpFindFileData=0x1abce830 | out: lpFindFileData=0x1abce830*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12b7166b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x5316e1c3, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.949] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce788) returned 1 [0211.949] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce9a8) returned 1 [0211.949] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abce988) returned 1 [0211.949] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\*.*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\*.*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x402fe65a, ftLastWriteTime.dwHighDateTime=0x1d61756, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0211.951] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce718) returned 1 [0211.951] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce968) returned 1 [0211.951] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abce988) returned 1 [0211.951] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12b7166b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x402fe65a, ftLastWriteTime.dwHighDateTime=0x1d61756, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601600 [0211.952] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce688) returned 1 [0211.952] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce8a8) returned 1 [0211.952] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abce988) returned 1 [0211.952] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\*.*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\*.*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x402fe65a, ftLastWriteTime.dwHighDateTime=0x1d61756, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0211.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce718) returned 1 [0211.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce968) returned 1 [0211.953] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abce988) returned 1 [0211.953] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12b7166b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x402fe65a, ftLastWriteTime.dwHighDateTime=0x1d61756, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0211.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce688) returned 1 [0211.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce8a8) returned 1 [0211.954] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abce988) returned 1 [0211.954] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\*.*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\*.*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc9b733fd, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601180 [0211.955] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce718) returned 1 [0211.955] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce968) returned 1 [0211.955] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abce988) returned 1 [0211.955] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12b7166b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc9b733fd, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601000 [0211.955] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce688) returned 1 [0211.955] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce8a8) returned 1 [0211.956] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abce988) returned 1 [0211.956] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\*.*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\*.*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc9b733fd, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6018a0 [0211.963] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce718) returned 1 [0211.963] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce968) returned 1 [0211.963] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abce988) returned 1 [0211.964] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12b98780, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc9b733fd, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601180 [0211.967] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce688) returned 1 [0211.967] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce8a8) returned 1 [0211.967] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abce988) returned 1 [0211.967] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\*.*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\windows powershell\\*.*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xb96059c, ftLastWriteTime.dwHighDateTime=0x1d5ace1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0211.968] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce718) returned 1 [0211.968] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce968) returned 1 [0211.968] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abce988) returned 1 [0211.968] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\*" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\windows powershell\\*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12b98780, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xb96059c, ftLastWriteTime.dwHighDateTime=0x1d5ace1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6012a0 [0211.969] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce688) returned 1 [0211.969] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce8a8) returned 1 [0211.969] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.969] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Application Data\\*.*" (normalized: "c:\\users\\default\\application data\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0211.970] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec58) returned 1 [0211.976] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.976] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Cookies", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Cookies", lpFilePart=0x0) returned 0x18 [0211.977] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Cookies\\*.*" (normalized: "c:\\users\\default\\cookies\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0211.977] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec58) returned 1 [0211.984] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.984] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Desktop", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Desktop", lpFilePart=0x0) returned 0x18 [0211.985] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Desktop\\*.*" (normalized: "c:\\users\\default\\desktop\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x7990aebb, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.986] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x7990aebb, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.986] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x7990aebb, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.986] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.986] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0211.986] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0211.987] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.987] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Desktop", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Desktop", lpFilePart=0x0) returned 0x18 [0211.988] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Desktop\\*" (normalized: "c:\\users\\default\\desktop\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12bbe0dd, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0211.988] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12bbe0dd, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.988] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12bbe0dd, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0211.988] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0211.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0211.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0211.988] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.989] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Documents", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Documents", lpFilePart=0x0) returned 0x1a [0211.990] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\*.*" (normalized: "c:\\users\\default\\documents\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x81152ca7, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601840 [0211.995] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x81152ca7, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.995] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x81152ca7, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x81152ca7, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x81152ca7, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0211.995] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x81152ca7, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x81152ca7, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x81152ca7, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0211.995] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x81152ca7, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x81152ca7, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x81152ca7, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0211.995] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x81152ca7, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x81152ca7, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x81152ca7, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 0 [0211.995] FindClose (in: hFindFile=0x601840 | out: hFindFile=0x601840) returned 1 [0211.997] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0211.997] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0211.997] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0211.997] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Documents", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Documents", lpFilePart=0x0) returned 0x1a [0211.998] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\*" (normalized: "c:\\users\\default\\documents\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12be6367, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x81152ca7, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601720 [0212.000] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12be6367, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x81152ca7, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.000] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x81152ca7, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x81152ca7, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x81152ca7, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0212.000] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x81152ca7, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x81152ca7, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x81152ca7, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0212.000] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x81152ca7, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x81152ca7, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x81152ca7, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0212.000] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.000] FindClose (in: hFindFile=0x601720 | out: hFindFile=0x601720) returned 1 [0212.002] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.002] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.002] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.002] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Documents\\My Music", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Documents\\My Music", lpFilePart=0x0) returned 0x23 [0212.003] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Music\\*.*" (normalized: "c:\\users\\default\\documents\\my music\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0212.007] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb58) returned 1 [0212.013] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.014] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Documents\\My Pictures", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Documents\\My Pictures", lpFilePart=0x0) returned 0x26 [0212.014] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Pictures\\*.*" (normalized: "c:\\users\\default\\documents\\my pictures\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0212.018] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb58) returned 1 [0212.026] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.026] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Documents\\My Videos", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Documents\\My Videos", lpFilePart=0x0) returned 0x24 [0212.027] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Videos\\*.*" (normalized: "c:\\users\\default\\documents\\my videos\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0212.030] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb58) returned 1 [0212.037] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.037] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Downloads", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Downloads", lpFilePart=0x0) returned 0x1a [0212.040] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Downloads\\*.*" (normalized: "c:\\users\\default\\downloads\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0212.040] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.040] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.040] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0212.041] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.041] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.041] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.041] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Downloads", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Downloads", lpFilePart=0x0) returned 0x1a [0212.042] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Downloads\\*" (normalized: "c:\\users\\default\\downloads\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12c57133, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601840 [0212.042] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12c57133, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.042] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12c57133, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.042] FindClose (in: hFindFile=0x601840 | out: hFindFile=0x601840) returned 1 [0212.042] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.043] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.043] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.043] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites", lpFilePart=0x0) returned 0x1a [0212.044] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\*.*" (normalized: "c:\\users\\default\\favorites\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0212.044] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.044] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.044] FindClose (in: hFindFile=0x601360 | out: hFindFile=0x601360) returned 1 [0212.044] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.044] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.045] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.045] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites", lpFilePart=0x0) returned 0x1a [0212.045] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\*" (normalized: "c:\\users\\default\\favorites\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12c57133, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6017e0 [0212.046] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12c57133, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.046] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12c57133, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.046] FindClose (in: hFindFile=0x6017e0 | out: hFindFile=0x6017e0) returned 1 [0212.046] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.046] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.046] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.046] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Links", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Links", lpFilePart=0x0) returned 0x16 [0212.047] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Links\\*.*" (normalized: "c:\\users\\default\\links\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601900 [0212.048] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.048] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.048] FindClose (in: hFindFile=0x601900 | out: hFindFile=0x601900) returned 1 [0212.049] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.049] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.049] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.049] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Links", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Links", lpFilePart=0x0) returned 0x16 [0212.050] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Links\\*" (normalized: "c:\\users\\default\\links\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12c57133, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0212.050] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12c57133, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.050] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12c57133, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.050] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0212.050] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.051] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.051] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.051] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Music", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Music", lpFilePart=0x0) returned 0x16 [0212.052] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Music\\*.*" (normalized: "c:\\users\\default\\music\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.052] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.053] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.053] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0212.053] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.054] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.054] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.054] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Music", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Music", lpFilePart=0x0) returned 0x16 [0212.055] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Music\\*" (normalized: "c:\\users\\default\\music\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12c57133, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601180 [0212.055] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12c57133, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.056] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12c57133, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.056] FindClose (in: hFindFile=0x601180 | out: hFindFile=0x601180) returned 1 [0212.056] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.056] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.056] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.056] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\My Documents", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\My Documents", lpFilePart=0x0) returned 0x1d [0212.057] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\My Documents\\*.*" (normalized: "c:\\users\\default\\my documents\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0212.057] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec58) returned 1 [0212.064] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.064] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\NetHood", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\NetHood", lpFilePart=0x0) returned 0x18 [0212.064] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\NetHood\\*.*" (normalized: "c:\\users\\default\\nethood\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0212.065] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec58) returned 1 [0212.072] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.073] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Pictures", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Pictures", lpFilePart=0x0) returned 0x19 [0212.073] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Pictures\\*.*" (normalized: "c:\\users\\default\\pictures\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6011e0 [0212.074] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.074] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.074] FindClose (in: hFindFile=0x6011e0 | out: hFindFile=0x6011e0) returned 1 [0212.074] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.074] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.074] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.075] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Pictures", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Pictures", lpFilePart=0x0) returned 0x19 [0212.075] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Pictures\\*" (normalized: "c:\\users\\default\\pictures\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12ca2c6e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601720 [0212.076] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12ca2c6e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.076] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12ca2c6e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.076] FindClose (in: hFindFile=0x601720 | out: hFindFile=0x601720) returned 1 [0212.076] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.076] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.076] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.076] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\PrintHood", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\PrintHood", lpFilePart=0x0) returned 0x1a [0212.077] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\PrintHood\\*.*" (normalized: "c:\\users\\default\\printhood\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0212.078] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec58) returned 1 [0212.085] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.085] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Recent", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Recent", lpFilePart=0x0) returned 0x17 [0212.086] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Recent\\*.*" (normalized: "c:\\users\\default\\recent\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0212.087] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec58) returned 1 [0212.092] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.092] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Saved Games", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Saved Games", lpFilePart=0x0) returned 0x1c [0212.092] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Saved Games\\*.*" (normalized: "c:\\users\\default\\saved games\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601a20 [0212.093] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.093] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.093] FindClose (in: hFindFile=0x601a20 | out: hFindFile=0x601a20) returned 1 [0212.093] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.093] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.093] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.093] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Saved Games", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Saved Games", lpFilePart=0x0) returned 0x1c [0212.094] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Saved Games\\*" (normalized: "c:\\users\\default\\saved games\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12cc8d4a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600c40 [0212.094] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12cc8d4a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.094] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12cc8d4a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.094] FindClose (in: hFindFile=0x600c40 | out: hFindFile=0x600c40) returned 1 [0212.094] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.095] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.095] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.095] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\SendTo", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\SendTo", lpFilePart=0x0) returned 0x17 [0212.096] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\SendTo\\*.*" (normalized: "c:\\users\\default\\sendto\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0212.096] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec58) returned 1 [0212.102] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.103] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Start Menu", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Start Menu", lpFilePart=0x0) returned 0x1b [0212.103] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Start Menu\\*.*" (normalized: "c:\\users\\default\\start menu\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0212.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec58) returned 1 [0212.109] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.109] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Videos", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Videos", lpFilePart=0x0) returned 0x17 [0212.110] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Videos\\*.*" (normalized: "c:\\users\\default\\videos\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.111] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.111] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x32835e7c, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.111] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0212.112] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.112] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.112] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.112] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Videos", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Videos", lpFilePart=0x0) returned 0x17 [0212.113] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Videos\\*" (normalized: "c:\\users\\default\\videos\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12cef011, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6011e0 [0212.113] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12cef011, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.113] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x12cef011, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.113] FindClose (in: hFindFile=0x6011e0 | out: hFindFile=0x6011e0) returned 1 [0212.113] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.113] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.113] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0212.114] GetFullPathNameW (in: lpFileName="C:\\Users\\Default User", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default User", lpFilePart=0x0) returned 0x15 [0212.114] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\*.*" (normalized: "c:\\users\\default user\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0212.115] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced58) returned 1 [0212.121] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0212.121] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm", lpFilePart=0x0) returned 0x12 [0212.121] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\*.*" (normalized: "c:\\users\\oqxzraykm\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3280fb2b, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd614d036, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xbbb64156, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6016c0 [0212.122] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3280fb2b, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd614d036, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xbbb64156, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.122] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x516f3163, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x516f3163, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x516f3163, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3D Objects", cAlternateFileName="3DOBJE~1")) returned 1 [0212.122] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd614d036, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0212.122] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3338908f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x3338908f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0212.122] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51af929e, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x51b1f549, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x51b1f549, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0212.122] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3338908f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x3338908f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0212.122] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd54a26de, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xd54a26de, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0212.122] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xdc30a0e7, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2b39779e, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0212.123] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x51e1a3cc, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x51e1a3cc, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0212.123] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x510634ff, ftLastAccessTime.dwHighDateTime=0x1d94218, ftLastWriteTime.dwLowDateTime=0x51b45731, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0212.123] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x523e9d9f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x523e9d9f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0212.123] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3338908f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x3338908f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0212.123] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xdf785702, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2ab6df7e, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0212.123] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x33362d37, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x33362d37, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x33362d37, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0212.123] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3338908f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x3338908f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetHood", cAlternateFileName="")) returned 1 [0212.123] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x32835e7c, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xaed1af19, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0xaed1af19, ftLastWriteTime.dwHighDateTime=0x1d9b55c, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0212.125] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x331bf460, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x331bf460, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x331bf460, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x72000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.dat.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0212.126] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x331bf460, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x331bf460, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x331bf460, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x24000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.dat.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0212.128] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x331bf460, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x99826963, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x99826963, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0212.130] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x331bf460, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xa61ed638, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x331e547b, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0212.132] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x331e547b, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x331e547b, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x331e547b, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0212.133] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x3338908f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x333aefe1, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x333aefe1, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0212.134] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xbbb64156, ftCreationTime.dwHighDateTime=0x1d94212, ftLastAccessTime.dwLowDateTime=0x52aba850, ftLastAccessTime.dwHighDateTime=0x1d94217, ftLastWriteTime.dwLowDateTime=0x52aba850, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneDrive", cAlternateFileName="")) returned 1 [0212.134] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd781e725, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2b0e88aa, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0212.134] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3338908f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x3338908f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0212.134] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3338908f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x3338908f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0212.134] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x5213b46d, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x5213b46d, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0212.134] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51dcdf1c, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x50c1106f, ftLastAccessTime.dwHighDateTime=0x1d94218, ftLastWriteTime.dwLowDateTime=0x522b8c50, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Searches", cAlternateFileName="")) returned 1 [0212.134] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3338908f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x3338908f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0212.134] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3338908f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x3338908f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0212.134] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3338908f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x3338908f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0212.135] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd85155ec, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2b2662dc, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0212.135] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd85155ec, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2b2662dc, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 0 [0212.135] FindClose (in: hFindFile=0x6016c0 | out: hFindFile=0x6016c0) returned 1 [0212.135] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0212.135] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0212.135] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0212.135] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm", lpFilePart=0x0) returned 0x12 [0212.136] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\*" (normalized: "c:\\users\\oqxzraykm\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3280fb2b, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd614d036, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xbbb64156, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600b80 [0212.137] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3280fb2b, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd614d036, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xbbb64156, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.137] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x516f3163, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x516f3163, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x516f3163, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3D Objects", cAlternateFileName="3DOBJE~1")) returned 1 [0212.137] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd614d036, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0212.137] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3338908f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x3338908f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0212.137] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51af929e, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x51b1f549, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x51b1f549, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0212.138] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3338908f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x3338908f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0212.138] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd54a26de, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xd54a26de, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0212.138] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xdc30a0e7, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2b39779e, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0212.138] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x51e1a3cc, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x51e1a3cc, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0212.138] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x510634ff, ftLastAccessTime.dwHighDateTime=0x1d94218, ftLastWriteTime.dwLowDateTime=0x51b45731, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0212.138] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x523e9d9f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x523e9d9f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0212.138] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3338908f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x3338908f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0212.138] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xdf785702, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2ab6df7e, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0212.139] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x33362d37, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x33362d37, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x33362d37, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0212.139] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3338908f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x3338908f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetHood", cAlternateFileName="")) returned 1 [0212.139] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x32835e7c, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xaed1af19, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0xaed1af19, ftLastWriteTime.dwHighDateTime=0x1d9b55c, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0212.139] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x331bf460, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x331bf460, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x331bf460, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x72000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.dat.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0212.139] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x331bf460, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x331bf460, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x331bf460, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x24000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.dat.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0212.139] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x331bf460, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x99826963, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x99826963, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0212.139] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x331bf460, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xa61ed638, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x331e547b, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0212.139] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x331e547b, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x331e547b, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x331e547b, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0212.139] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x3338908f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x333aefe1, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x333aefe1, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0212.139] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xbbb64156, ftCreationTime.dwHighDateTime=0x1d94212, ftLastAccessTime.dwLowDateTime=0x52aba850, ftLastAccessTime.dwHighDateTime=0x1d94217, ftLastWriteTime.dwLowDateTime=0x52aba850, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneDrive", cAlternateFileName="")) returned 1 [0212.139] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd781e725, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2b0e88aa, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0212.140] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3338908f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x3338908f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0212.140] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3338908f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x3338908f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0212.140] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x5213b46d, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x5213b46d, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0212.140] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51dcdf1c, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x50c1106f, ftLastAccessTime.dwHighDateTime=0x1d94218, ftLastWriteTime.dwLowDateTime=0x522b8c50, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Searches", cAlternateFileName="")) returned 1 [0212.140] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3338908f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x3338908f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0212.140] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3338908f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x3338908f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0212.140] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3338908f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x3338908f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0212.140] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd85155ec, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2b2662dc, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0212.141] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.141] FindClose (in: hFindFile=0x600b80 | out: hFindFile=0x600b80) returned 1 [0212.141] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0212.141] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0212.141] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.141] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\3D Objects", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\3D Objects", lpFilePart=0x0) returned 0x1d [0212.142] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\3D Objects\\*.*" (normalized: "c:\\users\\oqxzraykm\\3d objects\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x516f3163, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x516f3163, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x516f3163, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6016c0 [0212.142] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x516f3163, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x516f3163, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x516f3163, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.142] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x516f3163, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x50d1bec6, ftLastAccessTime.dwHighDateTime=0x1d94218, ftLastWriteTime.dwLowDateTime=0x516f3163, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x12a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.142] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.143] FindClose (in: hFindFile=0x6016c0 | out: hFindFile=0x6016c0) returned 1 [0212.143] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.143] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.143] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.143] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\3D Objects", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\3D Objects", lpFilePart=0x0) returned 0x1d [0212.144] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\3D Objects\\*" (normalized: "c:\\users\\oqxzraykm\\3d objects\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x516f3163, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12d3b287, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x516f3163, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601600 [0212.144] FindNextFileW (in: hFindFile=0x601600, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x516f3163, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12d3b287, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x516f3163, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.144] FindNextFileW (in: hFindFile=0x601600, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x516f3163, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x50d1bec6, ftLastAccessTime.dwHighDateTime=0x1d94218, ftLastWriteTime.dwLowDateTime=0x516f3163, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x12a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.144] FindNextFileW (in: hFindFile=0x601600, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x516f3163, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x50d1bec6, ftLastAccessTime.dwHighDateTime=0x1d94218, ftLastWriteTime.dwLowDateTime=0x516f3163, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x12a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0212.144] FindClose (in: hFindFile=0x601600 | out: hFindFile=0x601600) returned 1 [0212.145] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.145] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.145] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.145] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData", lpFilePart=0x0) returned 0x1a [0212.146] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd614d036, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0212.146] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd614d036, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.146] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xdefec1b7, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x7e8773d3, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local", cAlternateFileName="")) returned 1 [0212.146] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3338908f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xb1498eed, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xbee73e44, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalLow", cAlternateFileName="")) returned 1 [0212.146] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd5646218, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2bd46d5c, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 1 [0212.146] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd5646218, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2bd46d5c, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 0 [0212.147] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0212.148] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.148] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.148] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.148] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData", lpFilePart=0x0) returned 0x1a [0212.149] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd614d036, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601000 [0212.149] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd614d036, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.150] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xdefec1b7, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x7e8773d3, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local", cAlternateFileName="")) returned 1 [0212.150] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3338908f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xb1498eed, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xbee73e44, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalLow", cAlternateFileName="")) returned 1 [0212.150] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd5646218, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2bd46d5c, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 1 [0212.150] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.150] FindClose (in: hFindFile=0x601000 | out: hFindFile=0x601000) returned 1 [0212.150] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.151] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.151] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.151] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0212.152] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd5646218, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2bd46d5c, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0212.152] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd5646218, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2bd46d5c, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.153] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcaf63680, ftCreationTime.dwHighDateTime=0x1d9af9d, ftLastAccessTime.dwLowDateTime=0xe4e515d0, ftLastAccessTime.dwHighDateTime=0x1d9b06e, ftLastWriteTime.dwLowDateTime=0xe4e515d0, ftLastWriteTime.dwHighDateTime=0x1d9b06e, nFileSizeHigh=0x0, nFileSizeLow=0x6077, dwReserved0=0x0, dwReserved1=0x0, cFileName="2VBoEMNs2S6bCCIP.m4a", cAlternateFileName="2VBOEM~1.M4A")) returned 1 [0212.153] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x72209270, ftCreationTime.dwHighDateTime=0x1d9b22d, ftLastAccessTime.dwLowDateTime=0x948c3f20, ftLastAccessTime.dwHighDateTime=0x1d9b3d7, ftLastWriteTime.dwLowDateTime=0x948c3f20, ftLastWriteTime.dwHighDateTime=0x1d9b3d7, nFileSizeHigh=0x0, nFileSizeLow=0x14b47, dwReserved0=0x0, dwReserved1=0x0, cFileName="3E8aHN.png", cAlternateFileName="")) returned 1 [0212.153] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16304e50, ftCreationTime.dwHighDateTime=0x1d9b3b4, ftLastAccessTime.dwLowDateTime=0xf82358e0, ftLastAccessTime.dwHighDateTime=0x1d9b51f, ftLastWriteTime.dwLowDateTime=0xf82358e0, ftLastWriteTime.dwHighDateTime=0x1d9b51f, nFileSizeHigh=0x0, nFileSizeLow=0x12092, dwReserved0=0x0, dwReserved1=0x0, cFileName="7QSM7Bo389nPLE.rtf", cAlternateFileName="7QSM7B~1.RTF")) returned 1 [0212.153] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4ecc771f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x4ecc771f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x4ecc771f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0212.154] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc788a920, ftCreationTime.dwHighDateTime=0x1d9a7bd, ftLastAccessTime.dwLowDateTime=0x13fe7750, ftLastAccessTime.dwHighDateTime=0x1d9ad6b, ftLastWriteTime.dwLowDateTime=0x13fe7750, ftLastWriteTime.dwHighDateTime=0x1d9ad6b, nFileSizeHigh=0x0, nFileSizeLow=0x148b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="agIzu315tEkMCK.avi", cAlternateFileName="AGIZU3~1.AVI")) returned 1 [0212.154] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x58b0d8e0, ftCreationTime.dwHighDateTime=0x1d9aaf3, ftLastAccessTime.dwLowDateTime=0x5e439440, ftLastAccessTime.dwHighDateTime=0x1d9b454, ftLastWriteTime.dwLowDateTime=0x5e439440, ftLastWriteTime.dwHighDateTime=0x1d9b454, nFileSizeHigh=0x0, nFileSizeLow=0x13da5, dwReserved0=0x0, dwReserved1=0x0, cFileName="AwXZ4sgzr.ots", cAlternateFileName="AWXZ4S~1.OTS")) returned 1 [0212.154] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xba187d0, ftCreationTime.dwHighDateTime=0x1d9af20, ftLastAccessTime.dwLowDateTime=0xf475ac30, ftLastAccessTime.dwHighDateTime=0x1d9b0d7, ftLastWriteTime.dwLowDateTime=0xf475ac30, ftLastWriteTime.dwHighDateTime=0x1d9b0d7, nFileSizeHigh=0x0, nFileSizeLow=0xdf60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bTFL.m4a", cAlternateFileName="")) returned 1 [0212.154] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d54f920, ftCreationTime.dwHighDateTime=0x1d9ac65, ftLastAccessTime.dwLowDateTime=0xb07f84d0, ftLastAccessTime.dwHighDateTime=0x1d9b346, ftLastWriteTime.dwLowDateTime=0xb07f84d0, ftLastWriteTime.dwHighDateTime=0x1d9b346, nFileSizeHigh=0x0, nFileSizeLow=0xa41a, dwReserved0=0x0, dwReserved1=0x0, cFileName="CRk7sEcLxn.ppt", cAlternateFileName="CRK7SE~1.PPT")) returned 1 [0212.154] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe368db40, ftCreationTime.dwHighDateTime=0x1d9a698, ftLastAccessTime.dwLowDateTime=0x633a3ec0, ftLastAccessTime.dwHighDateTime=0x1d9b064, ftLastWriteTime.dwLowDateTime=0x633a3ec0, ftLastWriteTime.dwHighDateTime=0x1d9b064, nFileSizeHigh=0x0, nFileSizeLow=0x361e, dwReserved0=0x0, dwReserved1=0x0, cFileName="CSRpjbn.docx", cAlternateFileName="CSRPJB~1.DOC")) returned 1 [0212.154] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7b42710, ftCreationTime.dwHighDateTime=0x1d9afa0, ftLastAccessTime.dwLowDateTime=0xd9b54da0, ftLastAccessTime.dwHighDateTime=0x1d9b06a, ftLastWriteTime.dwLowDateTime=0xd9b54da0, ftLastWriteTime.dwHighDateTime=0x1d9b06a, nFileSizeHigh=0x0, nFileSizeLow=0x1254b, dwReserved0=0x0, dwReserved1=0x0, cFileName="DMLxoOU.bmp", cAlternateFileName="")) returned 1 [0212.155] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb194f8e0, ftCreationTime.dwHighDateTime=0x1d9a884, ftLastAccessTime.dwLowDateTime=0x17055850, ftLastAccessTime.dwHighDateTime=0x1d9af24, ftLastWriteTime.dwLowDateTime=0x17055850, ftLastWriteTime.dwHighDateTime=0x1d9af24, nFileSizeHigh=0x0, nFileSizeLow=0x4bbb, dwReserved0=0x0, dwReserved1=0x0, cFileName="dy8.gif", cAlternateFileName="")) returned 1 [0212.155] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd36e4690, ftCreationTime.dwHighDateTime=0x1d9b524, ftLastAccessTime.dwLowDateTime=0x6ed46f10, ftLastAccessTime.dwHighDateTime=0x1d9b52a, ftLastWriteTime.dwLowDateTime=0x6ed46f10, ftLastWriteTime.dwHighDateTime=0x1d9b52a, nFileSizeHigh=0x0, nFileSizeLow=0x1c81, dwReserved0=0x0, dwReserved1=0x0, cFileName="eHXp79eO.mp3", cAlternateFileName="")) returned 1 [0212.155] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2fbdc00, ftCreationTime.dwHighDateTime=0x1d9ae9d, ftLastAccessTime.dwLowDateTime=0x85224c30, ftLastAccessTime.dwHighDateTime=0x1d9b050, ftLastWriteTime.dwLowDateTime=0x85224c30, ftLastWriteTime.dwHighDateTime=0x1d9b050, nFileSizeHigh=0x0, nFileSizeLow=0x11ba7, dwReserved0=0x0, dwReserved1=0x0, cFileName="EIweEXdtYapI-M.doc", cAlternateFileName="EIWEEX~1.DOC")) returned 1 [0212.155] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xceeef430, ftCreationTime.dwHighDateTime=0x1d9ae7a, ftLastAccessTime.dwLowDateTime=0x67d23830, ftLastAccessTime.dwHighDateTime=0x1d9aec9, ftLastWriteTime.dwLowDateTime=0x67d23830, ftLastWriteTime.dwHighDateTime=0x1d9aec9, nFileSizeHigh=0x0, nFileSizeLow=0x601f, dwReserved0=0x0, dwReserved1=0x0, cFileName="ElpeOAVutUJ0.swf", cAlternateFileName="ELPEOA~1.SWF")) returned 1 [0212.155] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3825050, ftCreationTime.dwHighDateTime=0x1d9b536, ftLastAccessTime.dwLowDateTime=0x187f8ad0, ftLastAccessTime.dwHighDateTime=0x1d9b53b, ftLastWriteTime.dwLowDateTime=0x187f8ad0, ftLastWriteTime.dwHighDateTime=0x1d9b53b, nFileSizeHigh=0x0, nFileSizeLow=0x9c90, dwReserved0=0x0, dwReserved1=0x0, cFileName="FHPuaK.png", cAlternateFileName="")) returned 1 [0212.155] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47ec35b0, ftCreationTime.dwHighDateTime=0x1d9aa92, ftLastAccessTime.dwLowDateTime=0x32fbaac0, ftLastAccessTime.dwHighDateTime=0x1d9aaef, ftLastWriteTime.dwLowDateTime=0x32fbaac0, ftLastWriteTime.dwHighDateTime=0x1d9aaef, nFileSizeHigh=0x0, nFileSizeLow=0x12194, dwReserved0=0x0, dwReserved1=0x0, cFileName="fKIJsgucmnFedTn EAkl.bmp", cAlternateFileName="FKIJSG~1.BMP")) returned 1 [0212.155] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3158bba0, ftCreationTime.dwHighDateTime=0x1d9b2af, ftLastAccessTime.dwLowDateTime=0xc786380, ftLastAccessTime.dwHighDateTime=0x1d9b2c8, ftLastWriteTime.dwLowDateTime=0xc786380, ftLastWriteTime.dwHighDateTime=0x1d9b2c8, nFileSizeHigh=0x0, nFileSizeLow=0x14368, dwReserved0=0x0, dwReserved1=0x0, cFileName="FUXu.wav", cAlternateFileName="")) returned 1 [0212.156] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1a68480, ftCreationTime.dwHighDateTime=0x1d9afb6, ftLastAccessTime.dwLowDateTime=0x90d156d0, ftLastAccessTime.dwHighDateTime=0x1d9b3d3, ftLastWriteTime.dwLowDateTime=0x90d156d0, ftLastWriteTime.dwHighDateTime=0x1d9b3d3, nFileSizeHigh=0x0, nFileSizeLow=0x1279d, dwReserved0=0x0, dwReserved1=0x0, cFileName="G50O8m9fIZrG8.mp4", cAlternateFileName="G50O8M~1.MP4")) returned 1 [0212.156] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc93d3c20, ftCreationTime.dwHighDateTime=0x1d9b16f, ftLastAccessTime.dwLowDateTime=0xa5053380, ftLastAccessTime.dwHighDateTime=0x1d9b1ec, ftLastWriteTime.dwLowDateTime=0xa5053380, ftLastWriteTime.dwHighDateTime=0x1d9b1ec, nFileSizeHigh=0x0, nFileSizeLow=0x326b, dwReserved0=0x0, dwReserved1=0x0, cFileName="HP_ON6wZYt.gif", cAlternateFileName="HP_ON6~1.GIF")) returned 1 [0212.156] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8350e010, ftCreationTime.dwHighDateTime=0x1d9aa88, ftLastAccessTime.dwLowDateTime=0x7e6666c0, ftLastAccessTime.dwHighDateTime=0x1d9ac58, ftLastWriteTime.dwLowDateTime=0x7e6666c0, ftLastWriteTime.dwHighDateTime=0x1d9ac58, nFileSizeHigh=0x0, nFileSizeLow=0x6e2e, dwReserved0=0x0, dwReserved1=0x0, cFileName="HV7jt.swf", cAlternateFileName="")) returned 1 [0212.156] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46825e70, ftCreationTime.dwHighDateTime=0x1d9b0d2, ftLastAccessTime.dwLowDateTime=0x8ecab540, ftLastAccessTime.dwHighDateTime=0x1d9b52f, ftLastWriteTime.dwLowDateTime=0x8ecab540, ftLastWriteTime.dwHighDateTime=0x1d9b52f, nFileSizeHigh=0x0, nFileSizeLow=0x15eb5, dwReserved0=0x0, dwReserved1=0x0, cFileName="I65k88z4Kzcv0N198eA.swf", cAlternateFileName="I65K88~1.SWF")) returned 1 [0212.156] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7257bfd0, ftCreationTime.dwHighDateTime=0x1d9ac1e, ftLastAccessTime.dwLowDateTime=0xf8f33a70, ftLastAccessTime.dwHighDateTime=0x1d9b19a, ftLastWriteTime.dwLowDateTime=0xf8f33a70, ftLastWriteTime.dwHighDateTime=0x1d9b19a, nFileSizeHigh=0x0, nFileSizeLow=0x6d97, dwReserved0=0x0, dwReserved1=0x0, cFileName="iUpmh41p6jqedcsFvf.avi", cAlternateFileName="IUPMH4~1.AVI")) returned 1 [0212.156] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9bc6d510, ftCreationTime.dwHighDateTime=0x1d9ad48, ftLastAccessTime.dwLowDateTime=0x45fcd350, ftLastAccessTime.dwHighDateTime=0x1d9b199, ftLastWriteTime.dwLowDateTime=0x45fcd350, ftLastWriteTime.dwHighDateTime=0x1d9b199, nFileSizeHigh=0x0, nFileSizeLow=0x5a93, dwReserved0=0x0, dwReserved1=0x0, cFileName="K5uz5o5XTBMp0fYl9q.m4a", cAlternateFileName="K5UZ5O~1.M4A")) returned 1 [0212.156] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf717e480, ftCreationTime.dwHighDateTime=0x1d9b4ec, ftLastAccessTime.dwLowDateTime=0x2c6f1850, ftLastAccessTime.dwHighDateTime=0x1d9b511, ftLastWriteTime.dwLowDateTime=0x2c6f1850, ftLastWriteTime.dwHighDateTime=0x1d9b511, nFileSizeHigh=0x0, nFileSizeLow=0x1520e, dwReserved0=0x0, dwReserved1=0x0, cFileName="LlSsYAHS.m4a", cAlternateFileName="")) returned 1 [0212.157] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63d40e90, ftCreationTime.dwHighDateTime=0x1d9a670, ftLastAccessTime.dwLowDateTime=0x80c5fd40, ftLastAccessTime.dwHighDateTime=0x1d9ac3a, ftLastWriteTime.dwLowDateTime=0x80c5fd40, ftLastWriteTime.dwHighDateTime=0x1d9ac3a, nFileSizeHigh=0x0, nFileSizeLow=0x12b5a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MfGYDk9Y.ppt", cAlternateFileName="")) returned 1 [0212.157] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd617334b, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xae878b47, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0212.157] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85867a60, ftCreationTime.dwHighDateTime=0x1d9a5ca, ftLastAccessTime.dwLowDateTime=0x945d4c90, ftLastAccessTime.dwHighDateTime=0x1d9a876, ftLastWriteTime.dwLowDateTime=0x945d4c90, ftLastWriteTime.dwHighDateTime=0x1d9a876, nFileSizeHigh=0x0, nFileSizeLow=0xa92a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MV73nxGICe.jpg", cAlternateFileName="MV73NX~1.JPG")) returned 1 [0212.158] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f483b90, ftCreationTime.dwHighDateTime=0x1d9aace, ftLastAccessTime.dwLowDateTime=0x1c6d9450, ftLastAccessTime.dwHighDateTime=0x1d9b20e, ftLastWriteTime.dwLowDateTime=0x1c6d9450, ftLastWriteTime.dwHighDateTime=0x1d9b20e, nFileSizeHigh=0x0, nFileSizeLow=0x9bb1, dwReserved0=0x0, dwReserved1=0x0, cFileName="mZ64afCpOGKU7h.swf", cAlternateFileName="MZ64AF~1.SWF")) returned 1 [0212.158] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c1fc6e0, ftCreationTime.dwHighDateTime=0x1d9a5a8, ftLastAccessTime.dwLowDateTime=0x32ebfdc0, ftLastAccessTime.dwHighDateTime=0x1d9aee9, ftLastWriteTime.dwLowDateTime=0x32ebfdc0, ftLastWriteTime.dwHighDateTime=0x1d9aee9, nFileSizeHigh=0x0, nFileSizeLow=0xef3a, dwReserved0=0x0, dwReserved1=0x0, cFileName="N8xZYUyI6vemCx.wav", cAlternateFileName="N8XZYU~1.WAV")) returned 1 [0212.158] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x995554c0, ftCreationTime.dwHighDateTime=0x1d9acd8, ftLastAccessTime.dwLowDateTime=0x44ee2d70, ftLastAccessTime.dwHighDateTime=0x1d9b120, ftLastWriteTime.dwLowDateTime=0x44ee2d70, ftLastWriteTime.dwHighDateTime=0x1d9b120, nFileSizeHigh=0x0, nFileSizeLow=0xb705, dwReserved0=0x0, dwReserved1=0x0, cFileName="nE3j.mp3", cAlternateFileName="")) returned 1 [0212.158] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6a47b50, ftCreationTime.dwHighDateTime=0x1d9b3ff, ftLastAccessTime.dwLowDateTime=0x5af18e70, ftLastAccessTime.dwHighDateTime=0x1d9b425, ftLastWriteTime.dwLowDateTime=0x5af18e70, ftLastWriteTime.dwHighDateTime=0x1d9b425, nFileSizeHigh=0x0, nFileSizeLow=0x16688, dwReserved0=0x0, dwReserved1=0x0, cFileName="OTMBVrH.mp4", cAlternateFileName="")) returned 1 [0212.158] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83036450, ftCreationTime.dwHighDateTime=0x1d9aa30, ftLastAccessTime.dwLowDateTime=0x4d9c07a0, ftLastAccessTime.dwHighDateTime=0x1d9af61, ftLastWriteTime.dwLowDateTime=0x4d9c07a0, ftLastWriteTime.dwHighDateTime=0x1d9af61, nFileSizeHigh=0x0, nFileSizeLow=0x712d, dwReserved0=0x0, dwReserved1=0x0, cFileName="OvLGXdJo_8CMQ.doc", cAlternateFileName="OVLGXD~1.DOC")) returned 1 [0212.158] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc18c1a40, ftCreationTime.dwHighDateTime=0x1d9adc4, ftLastAccessTime.dwLowDateTime=0xc26c0970, ftLastAccessTime.dwHighDateTime=0x1d9ae05, ftLastWriteTime.dwLowDateTime=0xc26c0970, ftLastWriteTime.dwHighDateTime=0x1d9ae05, nFileSizeHigh=0x0, nFileSizeLow=0x1234e, dwReserved0=0x0, dwReserved1=0x0, cFileName="P4nhTG-oMiEDYv2EH.png", cAlternateFileName="P4NHTG~1.PNG")) returned 1 [0212.159] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb9e8ce60, ftCreationTime.dwHighDateTime=0x1d9ae27, ftLastAccessTime.dwLowDateTime=0xf6c0b850, ftLastAccessTime.dwHighDateTime=0x1d9b432, ftLastWriteTime.dwLowDateTime=0xf6c0b850, ftLastWriteTime.dwHighDateTime=0x1d9b432, nFileSizeHigh=0x0, nFileSizeLow=0x8c79, dwReserved0=0x0, dwReserved1=0x0, cFileName="snzDMqSsgLa.docx", cAlternateFileName="SNZDMQ~1.DOC")) returned 1 [0212.159] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa976d6c8, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0xa976d6c8, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xa976d6c8, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sun", cAlternateFileName="")) returned 1 [0212.159] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x57d6880, ftCreationTime.dwHighDateTime=0x1d9a799, ftLastAccessTime.dwLowDateTime=0x73580020, ftLastAccessTime.dwHighDateTime=0x1d9b0b0, ftLastWriteTime.dwLowDateTime=0x73580020, ftLastWriteTime.dwHighDateTime=0x1d9b0b0, nFileSizeHigh=0x0, nFileSizeLow=0x13f0c, dwReserved0=0x0, dwReserved1=0x0, cFileName="TL__DH.flv", cAlternateFileName="")) returned 1 [0212.159] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeff723f0, ftCreationTime.dwHighDateTime=0x1d9ae9d, ftLastAccessTime.dwLowDateTime=0xf3742070, ftLastAccessTime.dwHighDateTime=0x1d9aec3, ftLastWriteTime.dwLowDateTime=0xf3742070, ftLastWriteTime.dwHighDateTime=0x1d9aec3, nFileSizeHigh=0x0, nFileSizeLow=0x87f2, dwReserved0=0x0, dwReserved1=0x0, cFileName="T_1f.swf", cAlternateFileName="")) returned 1 [0212.159] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23a2de80, ftCreationTime.dwHighDateTime=0x1d9b450, ftLastAccessTime.dwLowDateTime=0x40ead320, ftLastAccessTime.dwHighDateTime=0x1d9b48d, ftLastWriteTime.dwLowDateTime=0x40ead320, ftLastWriteTime.dwHighDateTime=0x1d9b48d, nFileSizeHigh=0x0, nFileSizeLow=0x8954, dwReserved0=0x0, dwReserved1=0x0, cFileName="whTkvl2ztGEUDeU.mkv", cAlternateFileName="WHTKVL~1.MKV")) returned 1 [0212.159] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d23ecb0, ftCreationTime.dwHighDateTime=0x1d9a7a6, ftLastAccessTime.dwLowDateTime=0x39a814f0, ftLastAccessTime.dwHighDateTime=0x1d9aee9, ftLastWriteTime.dwLowDateTime=0x39a814f0, ftLastWriteTime.dwHighDateTime=0x1d9aee9, nFileSizeHigh=0x0, nFileSizeLow=0xd568, dwReserved0=0x0, dwReserved1=0x0, cFileName="xRlhM7BkA6.gif", cAlternateFileName="XRLHM7~1.GIF")) returned 1 [0212.159] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2f3af80, ftCreationTime.dwHighDateTime=0x1d9aa13, ftLastAccessTime.dwLowDateTime=0x49744e10, ftLastAccessTime.dwHighDateTime=0x1d9ae3c, ftLastWriteTime.dwLowDateTime=0x49744e10, ftLastWriteTime.dwHighDateTime=0x1d9ae3c, nFileSizeHigh=0x0, nFileSizeLow=0x170ff, dwReserved0=0x0, dwReserved1=0x0, cFileName="xtg6wN8 vqwyR.m4a", cAlternateFileName="XTG6WN~1.M4A")) returned 1 [0212.159] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29901350, ftCreationTime.dwHighDateTime=0x1d9b1e7, ftLastAccessTime.dwLowDateTime=0x5aaa15d0, ftLastAccessTime.dwHighDateTime=0x1d9b20f, ftLastWriteTime.dwLowDateTime=0x5aaa15d0, ftLastWriteTime.dwHighDateTime=0x1d9b20f, nFileSizeHigh=0x0, nFileSizeLow=0x18e72, dwReserved0=0x0, dwReserved1=0x0, cFileName="_tsyATtiMqRdse.mp3", cAlternateFileName="_TSYAT~1.MP3")) returned 1 [0212.160] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x21b23480, ftCreationTime.dwHighDateTime=0x1d9b3c0, ftLastAccessTime.dwLowDateTime=0xed936c10, ftLastAccessTime.dwHighDateTime=0x1d9b4cc, ftLastWriteTime.dwLowDateTime=0xed936c10, ftLastWriteTime.dwHighDateTime=0x1d9b4cc, nFileSizeHigh=0x0, nFileSizeLow=0xf247, dwReserved0=0x0, dwReserved1=0x0, cFileName="_UulpmwRJzLLF38.swf", cAlternateFileName="_UULPM~1.SWF")) returned 1 [0212.160] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3fee08c0, ftCreationTime.dwHighDateTime=0x1d9b1bd, ftLastAccessTime.dwLowDateTime=0x8fe6ed70, ftLastAccessTime.dwHighDateTime=0x1d9b3ec, ftLastWriteTime.dwLowDateTime=0x8fe6ed70, ftLastWriteTime.dwHighDateTime=0x1d9b3ec, nFileSizeHigh=0x0, nFileSizeLow=0xed87, dwReserved0=0x0, dwReserved1=0x0, cFileName="__elk.ppt", cAlternateFileName="")) returned 1 [0212.160] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.160] FindClose (in: hFindFile=0x601360 | out: hFindFile=0x601360) returned 1 [0212.160] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0212.160] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0212.160] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.160] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0212.161] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd5646218, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2bd46d5c, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601180 [0212.161] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd5646218, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2bd46d5c, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.161] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcaf63680, ftCreationTime.dwHighDateTime=0x1d9af9d, ftLastAccessTime.dwLowDateTime=0xe4e515d0, ftLastAccessTime.dwHighDateTime=0x1d9b06e, ftLastWriteTime.dwLowDateTime=0xe4e515d0, ftLastWriteTime.dwHighDateTime=0x1d9b06e, nFileSizeHigh=0x0, nFileSizeLow=0x6077, dwReserved0=0x0, dwReserved1=0x0, cFileName="2VBoEMNs2S6bCCIP.m4a", cAlternateFileName="2VBOEM~1.M4A")) returned 1 [0212.162] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x72209270, ftCreationTime.dwHighDateTime=0x1d9b22d, ftLastAccessTime.dwLowDateTime=0x948c3f20, ftLastAccessTime.dwHighDateTime=0x1d9b3d7, ftLastWriteTime.dwLowDateTime=0x948c3f20, ftLastWriteTime.dwHighDateTime=0x1d9b3d7, nFileSizeHigh=0x0, nFileSizeLow=0x14b47, dwReserved0=0x0, dwReserved1=0x0, cFileName="3E8aHN.png", cAlternateFileName="")) returned 1 [0212.162] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16304e50, ftCreationTime.dwHighDateTime=0x1d9b3b4, ftLastAccessTime.dwLowDateTime=0xf82358e0, ftLastAccessTime.dwHighDateTime=0x1d9b51f, ftLastWriteTime.dwLowDateTime=0xf82358e0, ftLastWriteTime.dwHighDateTime=0x1d9b51f, nFileSizeHigh=0x0, nFileSizeLow=0x12092, dwReserved0=0x0, dwReserved1=0x0, cFileName="7QSM7Bo389nPLE.rtf", cAlternateFileName="7QSM7B~1.RTF")) returned 1 [0212.162] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4ecc771f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x4ecc771f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x4ecc771f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0212.162] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc788a920, ftCreationTime.dwHighDateTime=0x1d9a7bd, ftLastAccessTime.dwLowDateTime=0x13fe7750, ftLastAccessTime.dwHighDateTime=0x1d9ad6b, ftLastWriteTime.dwLowDateTime=0x13fe7750, ftLastWriteTime.dwHighDateTime=0x1d9ad6b, nFileSizeHigh=0x0, nFileSizeLow=0x148b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="agIzu315tEkMCK.avi", cAlternateFileName="AGIZU3~1.AVI")) returned 1 [0212.162] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x58b0d8e0, ftCreationTime.dwHighDateTime=0x1d9aaf3, ftLastAccessTime.dwLowDateTime=0x5e439440, ftLastAccessTime.dwHighDateTime=0x1d9b454, ftLastWriteTime.dwLowDateTime=0x5e439440, ftLastWriteTime.dwHighDateTime=0x1d9b454, nFileSizeHigh=0x0, nFileSizeLow=0x13da5, dwReserved0=0x0, dwReserved1=0x0, cFileName="AwXZ4sgzr.ots", cAlternateFileName="AWXZ4S~1.OTS")) returned 1 [0212.162] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xba187d0, ftCreationTime.dwHighDateTime=0x1d9af20, ftLastAccessTime.dwLowDateTime=0xf475ac30, ftLastAccessTime.dwHighDateTime=0x1d9b0d7, ftLastWriteTime.dwLowDateTime=0xf475ac30, ftLastWriteTime.dwHighDateTime=0x1d9b0d7, nFileSizeHigh=0x0, nFileSizeLow=0xdf60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bTFL.m4a", cAlternateFileName="")) returned 1 [0212.162] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d54f920, ftCreationTime.dwHighDateTime=0x1d9ac65, ftLastAccessTime.dwLowDateTime=0xb07f84d0, ftLastAccessTime.dwHighDateTime=0x1d9b346, ftLastWriteTime.dwLowDateTime=0xb07f84d0, ftLastWriteTime.dwHighDateTime=0x1d9b346, nFileSizeHigh=0x0, nFileSizeLow=0xa41a, dwReserved0=0x0, dwReserved1=0x0, cFileName="CRk7sEcLxn.ppt", cAlternateFileName="CRK7SE~1.PPT")) returned 1 [0212.162] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe368db40, ftCreationTime.dwHighDateTime=0x1d9a698, ftLastAccessTime.dwLowDateTime=0x633a3ec0, ftLastAccessTime.dwHighDateTime=0x1d9b064, ftLastWriteTime.dwLowDateTime=0x633a3ec0, ftLastWriteTime.dwHighDateTime=0x1d9b064, nFileSizeHigh=0x0, nFileSizeLow=0x361e, dwReserved0=0x0, dwReserved1=0x0, cFileName="CSRpjbn.docx", cAlternateFileName="CSRPJB~1.DOC")) returned 1 [0212.163] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7b42710, ftCreationTime.dwHighDateTime=0x1d9afa0, ftLastAccessTime.dwLowDateTime=0xd9b54da0, ftLastAccessTime.dwHighDateTime=0x1d9b06a, ftLastWriteTime.dwLowDateTime=0xd9b54da0, ftLastWriteTime.dwHighDateTime=0x1d9b06a, nFileSizeHigh=0x0, nFileSizeLow=0x1254b, dwReserved0=0x0, dwReserved1=0x0, cFileName="DMLxoOU.bmp", cAlternateFileName="")) returned 1 [0212.163] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb194f8e0, ftCreationTime.dwHighDateTime=0x1d9a884, ftLastAccessTime.dwLowDateTime=0x17055850, ftLastAccessTime.dwHighDateTime=0x1d9af24, ftLastWriteTime.dwLowDateTime=0x17055850, ftLastWriteTime.dwHighDateTime=0x1d9af24, nFileSizeHigh=0x0, nFileSizeLow=0x4bbb, dwReserved0=0x0, dwReserved1=0x0, cFileName="dy8.gif", cAlternateFileName="")) returned 1 [0212.163] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd36e4690, ftCreationTime.dwHighDateTime=0x1d9b524, ftLastAccessTime.dwLowDateTime=0x6ed46f10, ftLastAccessTime.dwHighDateTime=0x1d9b52a, ftLastWriteTime.dwLowDateTime=0x6ed46f10, ftLastWriteTime.dwHighDateTime=0x1d9b52a, nFileSizeHigh=0x0, nFileSizeLow=0x1c81, dwReserved0=0x0, dwReserved1=0x0, cFileName="eHXp79eO.mp3", cAlternateFileName="")) returned 1 [0212.163] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2fbdc00, ftCreationTime.dwHighDateTime=0x1d9ae9d, ftLastAccessTime.dwLowDateTime=0x85224c30, ftLastAccessTime.dwHighDateTime=0x1d9b050, ftLastWriteTime.dwLowDateTime=0x85224c30, ftLastWriteTime.dwHighDateTime=0x1d9b050, nFileSizeHigh=0x0, nFileSizeLow=0x11ba7, dwReserved0=0x0, dwReserved1=0x0, cFileName="EIweEXdtYapI-M.doc", cAlternateFileName="EIWEEX~1.DOC")) returned 1 [0212.163] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xceeef430, ftCreationTime.dwHighDateTime=0x1d9ae7a, ftLastAccessTime.dwLowDateTime=0x67d23830, ftLastAccessTime.dwHighDateTime=0x1d9aec9, ftLastWriteTime.dwLowDateTime=0x67d23830, ftLastWriteTime.dwHighDateTime=0x1d9aec9, nFileSizeHigh=0x0, nFileSizeLow=0x601f, dwReserved0=0x0, dwReserved1=0x0, cFileName="ElpeOAVutUJ0.swf", cAlternateFileName="ELPEOA~1.SWF")) returned 1 [0212.163] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3825050, ftCreationTime.dwHighDateTime=0x1d9b536, ftLastAccessTime.dwLowDateTime=0x187f8ad0, ftLastAccessTime.dwHighDateTime=0x1d9b53b, ftLastWriteTime.dwLowDateTime=0x187f8ad0, ftLastWriteTime.dwHighDateTime=0x1d9b53b, nFileSizeHigh=0x0, nFileSizeLow=0x9c90, dwReserved0=0x0, dwReserved1=0x0, cFileName="FHPuaK.png", cAlternateFileName="")) returned 1 [0212.163] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47ec35b0, ftCreationTime.dwHighDateTime=0x1d9aa92, ftLastAccessTime.dwLowDateTime=0x32fbaac0, ftLastAccessTime.dwHighDateTime=0x1d9aaef, ftLastWriteTime.dwLowDateTime=0x32fbaac0, ftLastWriteTime.dwHighDateTime=0x1d9aaef, nFileSizeHigh=0x0, nFileSizeLow=0x12194, dwReserved0=0x0, dwReserved1=0x0, cFileName="fKIJsgucmnFedTn EAkl.bmp", cAlternateFileName="FKIJSG~1.BMP")) returned 1 [0212.164] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3158bba0, ftCreationTime.dwHighDateTime=0x1d9b2af, ftLastAccessTime.dwLowDateTime=0xc786380, ftLastAccessTime.dwHighDateTime=0x1d9b2c8, ftLastWriteTime.dwLowDateTime=0xc786380, ftLastWriteTime.dwHighDateTime=0x1d9b2c8, nFileSizeHigh=0x0, nFileSizeLow=0x14368, dwReserved0=0x0, dwReserved1=0x0, cFileName="FUXu.wav", cAlternateFileName="")) returned 1 [0212.164] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1a68480, ftCreationTime.dwHighDateTime=0x1d9afb6, ftLastAccessTime.dwLowDateTime=0x90d156d0, ftLastAccessTime.dwHighDateTime=0x1d9b3d3, ftLastWriteTime.dwLowDateTime=0x90d156d0, ftLastWriteTime.dwHighDateTime=0x1d9b3d3, nFileSizeHigh=0x0, nFileSizeLow=0x1279d, dwReserved0=0x0, dwReserved1=0x0, cFileName="G50O8m9fIZrG8.mp4", cAlternateFileName="G50O8M~1.MP4")) returned 1 [0212.164] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc93d3c20, ftCreationTime.dwHighDateTime=0x1d9b16f, ftLastAccessTime.dwLowDateTime=0xa5053380, ftLastAccessTime.dwHighDateTime=0x1d9b1ec, ftLastWriteTime.dwLowDateTime=0xa5053380, ftLastWriteTime.dwHighDateTime=0x1d9b1ec, nFileSizeHigh=0x0, nFileSizeLow=0x326b, dwReserved0=0x0, dwReserved1=0x0, cFileName="HP_ON6wZYt.gif", cAlternateFileName="HP_ON6~1.GIF")) returned 1 [0212.164] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8350e010, ftCreationTime.dwHighDateTime=0x1d9aa88, ftLastAccessTime.dwLowDateTime=0x7e6666c0, ftLastAccessTime.dwHighDateTime=0x1d9ac58, ftLastWriteTime.dwLowDateTime=0x7e6666c0, ftLastWriteTime.dwHighDateTime=0x1d9ac58, nFileSizeHigh=0x0, nFileSizeLow=0x6e2e, dwReserved0=0x0, dwReserved1=0x0, cFileName="HV7jt.swf", cAlternateFileName="")) returned 1 [0212.164] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46825e70, ftCreationTime.dwHighDateTime=0x1d9b0d2, ftLastAccessTime.dwLowDateTime=0x8ecab540, ftLastAccessTime.dwHighDateTime=0x1d9b52f, ftLastWriteTime.dwLowDateTime=0x8ecab540, ftLastWriteTime.dwHighDateTime=0x1d9b52f, nFileSizeHigh=0x0, nFileSizeLow=0x15eb5, dwReserved0=0x0, dwReserved1=0x0, cFileName="I65k88z4Kzcv0N198eA.swf", cAlternateFileName="I65K88~1.SWF")) returned 1 [0212.164] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7257bfd0, ftCreationTime.dwHighDateTime=0x1d9ac1e, ftLastAccessTime.dwLowDateTime=0xf8f33a70, ftLastAccessTime.dwHighDateTime=0x1d9b19a, ftLastWriteTime.dwLowDateTime=0xf8f33a70, ftLastWriteTime.dwHighDateTime=0x1d9b19a, nFileSizeHigh=0x0, nFileSizeLow=0x6d97, dwReserved0=0x0, dwReserved1=0x0, cFileName="iUpmh41p6jqedcsFvf.avi", cAlternateFileName="IUPMH4~1.AVI")) returned 1 [0212.164] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9bc6d510, ftCreationTime.dwHighDateTime=0x1d9ad48, ftLastAccessTime.dwLowDateTime=0x45fcd350, ftLastAccessTime.dwHighDateTime=0x1d9b199, ftLastWriteTime.dwLowDateTime=0x45fcd350, ftLastWriteTime.dwHighDateTime=0x1d9b199, nFileSizeHigh=0x0, nFileSizeLow=0x5a93, dwReserved0=0x0, dwReserved1=0x0, cFileName="K5uz5o5XTBMp0fYl9q.m4a", cAlternateFileName="K5UZ5O~1.M4A")) returned 1 [0212.164] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf717e480, ftCreationTime.dwHighDateTime=0x1d9b4ec, ftLastAccessTime.dwLowDateTime=0x2c6f1850, ftLastAccessTime.dwHighDateTime=0x1d9b511, ftLastWriteTime.dwLowDateTime=0x2c6f1850, ftLastWriteTime.dwHighDateTime=0x1d9b511, nFileSizeHigh=0x0, nFileSizeLow=0x1520e, dwReserved0=0x0, dwReserved1=0x0, cFileName="LlSsYAHS.m4a", cAlternateFileName="")) returned 1 [0212.164] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63d40e90, ftCreationTime.dwHighDateTime=0x1d9a670, ftLastAccessTime.dwLowDateTime=0x80c5fd40, ftLastAccessTime.dwHighDateTime=0x1d9ac3a, ftLastWriteTime.dwLowDateTime=0x80c5fd40, ftLastWriteTime.dwHighDateTime=0x1d9ac3a, nFileSizeHigh=0x0, nFileSizeLow=0x12b5a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MfGYDk9Y.ppt", cAlternateFileName="")) returned 1 [0212.164] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd617334b, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xae878b47, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0212.164] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85867a60, ftCreationTime.dwHighDateTime=0x1d9a5ca, ftLastAccessTime.dwLowDateTime=0x945d4c90, ftLastAccessTime.dwHighDateTime=0x1d9a876, ftLastWriteTime.dwLowDateTime=0x945d4c90, ftLastWriteTime.dwHighDateTime=0x1d9a876, nFileSizeHigh=0x0, nFileSizeLow=0xa92a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MV73nxGICe.jpg", cAlternateFileName="MV73NX~1.JPG")) returned 1 [0212.165] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f483b90, ftCreationTime.dwHighDateTime=0x1d9aace, ftLastAccessTime.dwLowDateTime=0x1c6d9450, ftLastAccessTime.dwHighDateTime=0x1d9b20e, ftLastWriteTime.dwLowDateTime=0x1c6d9450, ftLastWriteTime.dwHighDateTime=0x1d9b20e, nFileSizeHigh=0x0, nFileSizeLow=0x9bb1, dwReserved0=0x0, dwReserved1=0x0, cFileName="mZ64afCpOGKU7h.swf", cAlternateFileName="MZ64AF~1.SWF")) returned 1 [0212.165] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c1fc6e0, ftCreationTime.dwHighDateTime=0x1d9a5a8, ftLastAccessTime.dwLowDateTime=0x32ebfdc0, ftLastAccessTime.dwHighDateTime=0x1d9aee9, ftLastWriteTime.dwLowDateTime=0x32ebfdc0, ftLastWriteTime.dwHighDateTime=0x1d9aee9, nFileSizeHigh=0x0, nFileSizeLow=0xef3a, dwReserved0=0x0, dwReserved1=0x0, cFileName="N8xZYUyI6vemCx.wav", cAlternateFileName="N8XZYU~1.WAV")) returned 1 [0212.165] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x995554c0, ftCreationTime.dwHighDateTime=0x1d9acd8, ftLastAccessTime.dwLowDateTime=0x44ee2d70, ftLastAccessTime.dwHighDateTime=0x1d9b120, ftLastWriteTime.dwLowDateTime=0x44ee2d70, ftLastWriteTime.dwHighDateTime=0x1d9b120, nFileSizeHigh=0x0, nFileSizeLow=0xb705, dwReserved0=0x0, dwReserved1=0x0, cFileName="nE3j.mp3", cAlternateFileName="")) returned 1 [0212.165] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6a47b50, ftCreationTime.dwHighDateTime=0x1d9b3ff, ftLastAccessTime.dwLowDateTime=0x5af18e70, ftLastAccessTime.dwHighDateTime=0x1d9b425, ftLastWriteTime.dwLowDateTime=0x5af18e70, ftLastWriteTime.dwHighDateTime=0x1d9b425, nFileSizeHigh=0x0, nFileSizeLow=0x16688, dwReserved0=0x0, dwReserved1=0x0, cFileName="OTMBVrH.mp4", cAlternateFileName="")) returned 1 [0212.165] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83036450, ftCreationTime.dwHighDateTime=0x1d9aa30, ftLastAccessTime.dwLowDateTime=0x4d9c07a0, ftLastAccessTime.dwHighDateTime=0x1d9af61, ftLastWriteTime.dwLowDateTime=0x4d9c07a0, ftLastWriteTime.dwHighDateTime=0x1d9af61, nFileSizeHigh=0x0, nFileSizeLow=0x712d, dwReserved0=0x0, dwReserved1=0x0, cFileName="OvLGXdJo_8CMQ.doc", cAlternateFileName="OVLGXD~1.DOC")) returned 1 [0212.165] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc18c1a40, ftCreationTime.dwHighDateTime=0x1d9adc4, ftLastAccessTime.dwLowDateTime=0xc26c0970, ftLastAccessTime.dwHighDateTime=0x1d9ae05, ftLastWriteTime.dwLowDateTime=0xc26c0970, ftLastWriteTime.dwHighDateTime=0x1d9ae05, nFileSizeHigh=0x0, nFileSizeLow=0x1234e, dwReserved0=0x0, dwReserved1=0x0, cFileName="P4nhTG-oMiEDYv2EH.png", cAlternateFileName="P4NHTG~1.PNG")) returned 1 [0212.165] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb9e8ce60, ftCreationTime.dwHighDateTime=0x1d9ae27, ftLastAccessTime.dwLowDateTime=0xf6c0b850, ftLastAccessTime.dwHighDateTime=0x1d9b432, ftLastWriteTime.dwLowDateTime=0xf6c0b850, ftLastWriteTime.dwHighDateTime=0x1d9b432, nFileSizeHigh=0x0, nFileSizeLow=0x8c79, dwReserved0=0x0, dwReserved1=0x0, cFileName="snzDMqSsgLa.docx", cAlternateFileName="SNZDMQ~1.DOC")) returned 1 [0212.165] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa976d6c8, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0xa976d6c8, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xa976d6c8, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sun", cAlternateFileName="")) returned 1 [0212.165] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x57d6880, ftCreationTime.dwHighDateTime=0x1d9a799, ftLastAccessTime.dwLowDateTime=0x73580020, ftLastAccessTime.dwHighDateTime=0x1d9b0b0, ftLastWriteTime.dwLowDateTime=0x73580020, ftLastWriteTime.dwHighDateTime=0x1d9b0b0, nFileSizeHigh=0x0, nFileSizeLow=0x13f0c, dwReserved0=0x0, dwReserved1=0x0, cFileName="TL__DH.flv", cAlternateFileName="")) returned 1 [0212.165] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeff723f0, ftCreationTime.dwHighDateTime=0x1d9ae9d, ftLastAccessTime.dwLowDateTime=0xf3742070, ftLastAccessTime.dwHighDateTime=0x1d9aec3, ftLastWriteTime.dwLowDateTime=0xf3742070, ftLastWriteTime.dwHighDateTime=0x1d9aec3, nFileSizeHigh=0x0, nFileSizeLow=0x87f2, dwReserved0=0x0, dwReserved1=0x0, cFileName="T_1f.swf", cAlternateFileName="")) returned 1 [0212.165] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23a2de80, ftCreationTime.dwHighDateTime=0x1d9b450, ftLastAccessTime.dwLowDateTime=0x40ead320, ftLastAccessTime.dwHighDateTime=0x1d9b48d, ftLastWriteTime.dwLowDateTime=0x40ead320, ftLastWriteTime.dwHighDateTime=0x1d9b48d, nFileSizeHigh=0x0, nFileSizeLow=0x8954, dwReserved0=0x0, dwReserved1=0x0, cFileName="whTkvl2ztGEUDeU.mkv", cAlternateFileName="WHTKVL~1.MKV")) returned 1 [0212.166] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d23ecb0, ftCreationTime.dwHighDateTime=0x1d9a7a6, ftLastAccessTime.dwLowDateTime=0x39a814f0, ftLastAccessTime.dwHighDateTime=0x1d9aee9, ftLastWriteTime.dwLowDateTime=0x39a814f0, ftLastWriteTime.dwHighDateTime=0x1d9aee9, nFileSizeHigh=0x0, nFileSizeLow=0xd568, dwReserved0=0x0, dwReserved1=0x0, cFileName="xRlhM7BkA6.gif", cAlternateFileName="XRLHM7~1.GIF")) returned 1 [0212.166] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2f3af80, ftCreationTime.dwHighDateTime=0x1d9aa13, ftLastAccessTime.dwLowDateTime=0x49744e10, ftLastAccessTime.dwHighDateTime=0x1d9ae3c, ftLastWriteTime.dwLowDateTime=0x49744e10, ftLastWriteTime.dwHighDateTime=0x1d9ae3c, nFileSizeHigh=0x0, nFileSizeLow=0x170ff, dwReserved0=0x0, dwReserved1=0x0, cFileName="xtg6wN8 vqwyR.m4a", cAlternateFileName="XTG6WN~1.M4A")) returned 1 [0212.166] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29901350, ftCreationTime.dwHighDateTime=0x1d9b1e7, ftLastAccessTime.dwLowDateTime=0x5aaa15d0, ftLastAccessTime.dwHighDateTime=0x1d9b20f, ftLastWriteTime.dwLowDateTime=0x5aaa15d0, ftLastWriteTime.dwHighDateTime=0x1d9b20f, nFileSizeHigh=0x0, nFileSizeLow=0x18e72, dwReserved0=0x0, dwReserved1=0x0, cFileName="_tsyATtiMqRdse.mp3", cAlternateFileName="_TSYAT~1.MP3")) returned 1 [0212.166] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x21b23480, ftCreationTime.dwHighDateTime=0x1d9b3c0, ftLastAccessTime.dwLowDateTime=0xed936c10, ftLastAccessTime.dwHighDateTime=0x1d9b4cc, ftLastWriteTime.dwLowDateTime=0xed936c10, ftLastWriteTime.dwHighDateTime=0x1d9b4cc, nFileSizeHigh=0x0, nFileSizeLow=0xf247, dwReserved0=0x0, dwReserved1=0x0, cFileName="_UulpmwRJzLLF38.swf", cAlternateFileName="_UULPM~1.SWF")) returned 1 [0212.166] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3fee08c0, ftCreationTime.dwHighDateTime=0x1d9b1bd, ftLastAccessTime.dwLowDateTime=0x8fe6ed70, ftLastAccessTime.dwHighDateTime=0x1d9b3ec, ftLastWriteTime.dwLowDateTime=0x8fe6ed70, ftLastWriteTime.dwHighDateTime=0x1d9b3ec, nFileSizeHigh=0x0, nFileSizeLow=0xed87, dwReserved0=0x0, dwReserved1=0x0, cFileName="__elk.ppt", cAlternateFileName="")) returned 1 [0212.166] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3fee08c0, ftCreationTime.dwHighDateTime=0x1d9b1bd, ftLastAccessTime.dwLowDateTime=0x8fe6ed70, ftLastAccessTime.dwHighDateTime=0x1d9b3ec, ftLastWriteTime.dwLowDateTime=0x8fe6ed70, ftLastWriteTime.dwHighDateTime=0x1d9b3ec, nFileSizeHigh=0x0, nFileSizeLow=0xed87, dwReserved0=0x0, dwReserved1=0x0, cFileName="__elk.ppt", cAlternateFileName="")) returned 0 [0212.166] FindClose (in: hFindFile=0x601180 | out: hFindFile=0x601180) returned 1 [0212.166] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0212.166] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0212.166] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0212.166] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Adobe", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Adobe", lpFilePart=0x0) returned 0x28 [0212.167] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Adobe\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\adobe\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4ecc771f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x4ecc771f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x4ecc771f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6018a0 [0212.168] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4ecc771f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x4ecc771f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x4ecc771f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.168] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4ecc771f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x4ecc771f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x4ecc771f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 1 [0212.168] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4ecc771f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x4ecc771f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x4ecc771f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 0 [0212.168] FindClose (in: hFindFile=0x6018a0 | out: hFindFile=0x6018a0) returned 1 [0212.168] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb18) returned 1 [0212.168] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced68) returned 1 [0212.168] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0212.168] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Adobe", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Adobe", lpFilePart=0x0) returned 0x28 [0212.170] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Adobe\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\adobe\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4ecc771f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12d877ec, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x4ecc771f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.170] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4ecc771f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12d877ec, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x4ecc771f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.170] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4ecc771f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x4ecc771f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x4ecc771f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 1 [0212.170] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.170] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0212.170] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea88) returned 1 [0212.170] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceca8) returned 1 [0212.170] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.171] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Adobe\\Flash Player", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Adobe\\Flash Player", lpFilePart=0x0) returned 0x35 [0212.171] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Adobe\\Flash Player\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\adobe\\flash player\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4ecc771f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x4ecc771f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x4ecc771f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0212.172] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4ecc771f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x4ecc771f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x4ecc771f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.172] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4ecc771f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x4ecc771f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x4ecc771f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NativeCache", cAlternateFileName="NATIVE~1")) returned 1 [0212.172] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4ecc771f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x4ecc771f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x4ecc771f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NativeCache", cAlternateFileName="NATIVE~1")) returned 0 [0212.172] FindClose (in: hFindFile=0x601360 | out: hFindFile=0x601360) returned 1 [0212.172] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0212.172] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0212.172] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.172] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Adobe\\Flash Player", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Adobe\\Flash Player", lpFilePart=0x0) returned 0x35 [0212.173] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Adobe\\Flash Player\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\adobe\\flash player\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4ecc771f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12d877ec, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x4ecc771f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601780 [0212.173] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4ecc771f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12d877ec, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x4ecc771f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.174] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4ecc771f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x4ecc771f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x4ecc771f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NativeCache", cAlternateFileName="NATIVE~1")) returned 1 [0212.174] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.174] FindClose (in: hFindFile=0x601780 | out: hFindFile=0x601780) returned 1 [0212.174] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0212.174] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0212.174] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.174] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Adobe\\Flash Player\\NativeCache", nBufferLength=0x105, lpBuffer=0x1abce630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Adobe\\Flash Player\\NativeCache", lpFilePart=0x0) returned 0x41 [0212.175] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Adobe\\Flash Player\\NativeCache\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\adobe\\flash player\\nativecache\\*.*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4ecc771f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x4ecc771f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x4ecc771f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.175] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4ecc771f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x4ecc771f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x4ecc771f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.175] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4ecc771f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x4ecc771f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x4ecc771f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.175] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0212.176] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce918) returned 1 [0212.176] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb68) returned 1 [0212.176] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.176] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Adobe\\Flash Player\\NativeCache", nBufferLength=0x105, lpBuffer=0x1abce630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Adobe\\Flash Player\\NativeCache", lpFilePart=0x0) returned 0x41 [0212.177] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Adobe\\Flash Player\\NativeCache\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\adobe\\flash player\\nativecache\\*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4ecc771f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12d877ec, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x4ecc771f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6012a0 [0212.177] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4ecc771f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12d877ec, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x4ecc771f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.177] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4ecc771f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12d877ec, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x4ecc771f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.177] FindClose (in: hFindFile=0x6012a0 | out: hFindFile=0x6012a0) returned 1 [0212.177] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce888) returned 1 [0212.177] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceaa8) returned 1 [0212.177] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0212.178] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft", lpFilePart=0x0) returned 0x2c [0212.180] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd617334b, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xae878b47, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6018a0 [0212.181] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd617334b, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xae878b47, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.181] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x34902372, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x9366bfd2, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x34902372, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0212.181] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x365521b9, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x365521b9, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x365521b9, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0212.181] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd7a0e33a, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x4edf8b9f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0212.181] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51824697, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x51824697, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x51824697, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0212.181] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x347d1155, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x5817e299, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x5817e299, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Protect", cAlternateFileName="")) returned 1 [0212.181] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xae878b47, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0x1b24f438, ftLastAccessTime.dwHighDateTime=0x1d942b2, ftLastWriteTime.dwLowDateTime=0xae878b47, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Spelling", cAlternateFileName="")) returned 1 [0212.181] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6849fd1f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x6849fd1f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x6849fd1f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0212.181] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x347aac56, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x347aac56, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x347aac56, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vault", cAlternateFileName="")) returned 1 [0212.181] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd617334b, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x1f9cb6c, ftLastWriteTime.dwHighDateTime=0x1d942b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0212.181] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd617334b, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x1f9cb6c, ftLastWriteTime.dwHighDateTime=0x1d942b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0 [0212.182] FindClose (in: hFindFile=0x6018a0 | out: hFindFile=0x6018a0) returned 1 [0212.182] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb18) returned 1 [0212.182] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced68) returned 1 [0212.182] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0212.182] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft", lpFilePart=0x0) returned 0x2c [0212.182] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd617334b, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xae878b47, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601420 [0212.182] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd617334b, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xae878b47, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.183] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x34902372, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x9366bfd2, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x34902372, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0212.183] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x365521b9, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x365521b9, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x365521b9, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0212.183] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd7a0e33a, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x4edf8b9f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0212.184] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51824697, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x51824697, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x51824697, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0212.185] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x347d1155, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x5817e299, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x5817e299, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Protect", cAlternateFileName="")) returned 1 [0212.185] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xae878b47, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0x1b24f438, ftLastAccessTime.dwHighDateTime=0x1d942b2, ftLastWriteTime.dwLowDateTime=0xae878b47, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Spelling", cAlternateFileName="")) returned 1 [0212.185] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6849fd1f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x6849fd1f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x6849fd1f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0212.185] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x347aac56, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x347aac56, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x347aac56, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vault", cAlternateFileName="")) returned 1 [0212.185] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd617334b, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x1f9cb6c, ftLastWriteTime.dwHighDateTime=0x1d942b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0212.185] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.185] FindClose (in: hFindFile=0x601420 | out: hFindFile=0x601420) returned 1 [0212.185] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea88) returned 1 [0212.185] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceca8) returned 1 [0212.185] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.185] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Credentials", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Credentials", lpFilePart=0x0) returned 0x38 [0212.186] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Credentials\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\credentials\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x34902372, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x9366bfd2, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x34902372, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600b80 [0212.186] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x34902372, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x9366bfd2, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x34902372, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.186] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x34902372, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x9366bfd2, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x34902372, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.186] FindClose (in: hFindFile=0x600b80 | out: hFindFile=0x600b80) returned 1 [0212.187] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0212.187] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0212.187] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.187] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Credentials", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Credentials", lpFilePart=0x0) returned 0x38 [0212.187] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\credentials\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x34902372, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12dadabc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x34902372, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0212.187] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x34902372, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12dadabc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x34902372, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.187] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x34902372, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12dadabc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x34902372, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.188] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0212.188] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0212.188] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0212.188] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.188] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Crypto", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Crypto", lpFilePart=0x0) returned 0x33 [0212.188] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Crypto\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\crypto\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x365521b9, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x3668345e, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x3668345e, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601960 [0212.189] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x365521b9, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x3668345e, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x3668345e, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.189] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x3668345e, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x3668345e, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x3668345e, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Keys", cAlternateFileName="")) returned 1 [0212.189] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x365783b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x93f122b4, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x365783b6, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 1 [0212.189] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x365783b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x93f122b4, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x365783b6, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 0 [0212.189] FindClose (in: hFindFile=0x601960 | out: hFindFile=0x601960) returned 1 [0212.189] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0212.189] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0212.189] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.189] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Crypto", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Crypto", lpFilePart=0x0) returned 0x33 [0212.190] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Crypto\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\crypto\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x365521b9, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12dadabc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3668345e, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601720 [0212.190] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x365521b9, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12dadabc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3668345e, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.190] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x3668345e, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x3668345e, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x3668345e, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Keys", cAlternateFileName="")) returned 1 [0212.190] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x365783b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x93f122b4, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x365783b6, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 1 [0212.190] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.190] FindClose (in: hFindFile=0x601720 | out: hFindFile=0x601720) returned 1 [0212.190] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0212.190] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0212.191] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.191] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Crypto\\Keys", nBufferLength=0x105, lpBuffer=0x1abce630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Crypto\\Keys", lpFilePart=0x0) returned 0x38 [0212.191] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Crypto\\Keys\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\crypto\\keys\\*.*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x3668345e, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x3668345e, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x3668345e, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6010c0 [0212.191] FindNextFileW (in: hFindFile=0x6010c0, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x3668345e, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x3668345e, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x3668345e, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.191] FindNextFileW (in: hFindFile=0x6010c0, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x24, ftCreationTime.dwLowDateTime=0x3668345e, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x892ba5f4, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x3668345e, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x3c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de7cf8a7901d2ad13e5c67c29e5d1662_0eb980ab-861b-4791-9d42-dd7c247907ac", cAlternateFileName="DE7CF8~1")) returned 1 [0212.192] FindNextFileW (in: hFindFile=0x6010c0, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.192] FindClose (in: hFindFile=0x6010c0 | out: hFindFile=0x6010c0) returned 1 [0212.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce918) returned 1 [0212.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb68) returned 1 [0212.192] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.193] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Crypto\\Keys", nBufferLength=0x105, lpBuffer=0x1abce630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Crypto\\Keys", lpFilePart=0x0) returned 0x38 [0212.193] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Crypto\\Keys\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\crypto\\keys\\*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x3668345e, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12dadabc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3668345e, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0212.193] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x3668345e, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12dadabc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3668345e, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.193] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x24, ftCreationTime.dwLowDateTime=0x3668345e, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x892ba5f4, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x3668345e, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x3c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de7cf8a7901d2ad13e5c67c29e5d1662_0eb980ab-861b-4791-9d42-dd7c247907ac", cAlternateFileName="DE7CF8~1")) returned 1 [0212.193] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x24, ftCreationTime.dwLowDateTime=0x3668345e, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x892ba5f4, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x3668345e, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x3c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de7cf8a7901d2ad13e5c67c29e5d1662_0eb980ab-861b-4791-9d42-dd7c247907ac", cAlternateFileName="DE7CF8~1")) returned 0 [0212.193] FindClose (in: hFindFile=0x601360 | out: hFindFile=0x601360) returned 1 [0212.194] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce888) returned 1 [0212.194] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceaa8) returned 1 [0212.195] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.195] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Crypto\\RSA", nBufferLength=0x105, lpBuffer=0x1abce630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Crypto\\RSA", lpFilePart=0x0) returned 0x37 [0212.195] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\crypto\\rsa\\*.*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x365783b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x93f122b4, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x365783b6, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600b80 [0212.196] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x365783b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x93f122b4, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x365783b6, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.196] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x365783b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x93f122b4, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x365783b6, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0212.196] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x365783b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x93f122b4, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x365783b6, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 0 [0212.196] FindClose (in: hFindFile=0x600b80 | out: hFindFile=0x600b80) returned 1 [0212.196] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce918) returned 1 [0212.196] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb68) returned 1 [0212.196] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.196] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Crypto\\RSA", nBufferLength=0x105, lpBuffer=0x1abce630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Crypto\\RSA", lpFilePart=0x0) returned 0x37 [0212.196] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\crypto\\rsa\\*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x365783b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12dd3c15, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x365783b6, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600c40 [0212.197] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x365783b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12dd3c15, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x365783b6, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.197] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x365783b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x93f122b4, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x365783b6, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-245394380-2276627025-4024548581-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0212.197] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.197] FindClose (in: hFindFile=0x600c40 | out: hFindFile=0x600c40) returned 1 [0212.197] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce888) returned 1 [0212.197] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceaa8) returned 1 [0212.197] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcea88) returned 1 [0212.197] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-245394380-2276627025-4024548581-1000", nBufferLength=0x105, lpBuffer=0x1abce530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-245394380-2276627025-4024548581-1000", lpFilePart=0x0) returned 0x65 [0212.198] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-245394380-2276627025-4024548581-1000\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-245394380-2276627025-4024548581-1000\\*.*"), lpFindFileData=0x1abce830 | out: lpFindFileData=0x1abce830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x365783b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x93f122b4, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x93f122b4, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6016c0 [0212.198] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abce8f0 | out: lpFindFileData=0x1abce8f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x365783b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x93f122b4, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x93f122b4, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.198] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abce8f0 | out: lpFindFileData=0x1abce8f0*(dwFileAttributes=0x24, ftCreationTime.dwLowDateTime=0x93f122b4, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x93f122b4, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x93f122b4, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x32, dwReserved0=0x0, dwReserved1=0x0, cFileName="3de71a738b7c79735b7872c151f8fccc_0eb980ab-861b-4791-9d42-dd7c247907ac", cAlternateFileName="3DE71A~1")) returned 1 [0212.198] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abce8f0 | out: lpFindFileData=0x1abce8f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.198] FindClose (in: hFindFile=0x6016c0 | out: hFindFile=0x6016c0) returned 1 [0212.198] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce818) returned 1 [0212.199] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea68) returned 1 [0212.199] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcea88) returned 1 [0212.199] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-245394380-2276627025-4024548581-1000", nBufferLength=0x105, lpBuffer=0x1abce530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-245394380-2276627025-4024548581-1000", lpFilePart=0x0) returned 0x65 [0212.199] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-245394380-2276627025-4024548581-1000\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-245394380-2276627025-4024548581-1000\\*"), lpFindFileData=0x1abce830 | out: lpFindFileData=0x1abce830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x365783b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12dd3c15, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x93f122b4, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6015a0 [0212.199] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abce860 | out: lpFindFileData=0x1abce860*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x365783b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12dd3c15, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x93f122b4, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.199] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abce860 | out: lpFindFileData=0x1abce860*(dwFileAttributes=0x24, ftCreationTime.dwLowDateTime=0x93f122b4, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x93f122b4, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x93f122b4, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x32, dwReserved0=0x0, dwReserved1=0x0, cFileName="3de71a738b7c79735b7872c151f8fccc_0eb980ab-861b-4791-9d42-dd7c247907ac", cAlternateFileName="3DE71A~1")) returned 1 [0212.199] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abce860 | out: lpFindFileData=0x1abce860*(dwFileAttributes=0x24, ftCreationTime.dwLowDateTime=0x93f122b4, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x93f122b4, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x93f122b4, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x32, dwReserved0=0x0, dwReserved1=0x0, cFileName="3de71a738b7c79735b7872c151f8fccc_0eb980ab-861b-4791-9d42-dd7c247907ac", cAlternateFileName="3DE71A~1")) returned 0 [0212.200] FindClose (in: hFindFile=0x6015a0 | out: hFindFile=0x6015a0) returned 1 [0212.200] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce788) returned 1 [0212.200] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce9a8) returned 1 [0212.200] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.200] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer", lpFilePart=0x0) returned 0x3e [0212.201] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd7a0e33a, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x4edf8b9f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601a80 [0212.201] FindNextFileW (in: hFindFile=0x601a80, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd7a0e33a, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x4edf8b9f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.201] FindNextFileW (in: hFindFile=0x601a80, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd7a0e33a, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x7a690777, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 1 [0212.201] FindNextFileW (in: hFindFile=0x601a80, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4edf8b9f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x4edf8b9f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x4edf8b9f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserData", cAlternateFileName="")) returned 1 [0212.201] FindNextFileW (in: hFindFile=0x601a80, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4edf8b9f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x4edf8b9f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x4edf8b9f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserData", cAlternateFileName="")) returned 0 [0212.201] FindClose (in: hFindFile=0x601a80 | out: hFindFile=0x601a80) returned 1 [0212.202] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0212.202] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0212.202] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.202] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer", lpFilePart=0x0) returned 0x3e [0212.202] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd7a0e33a, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x4edf8b9f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600d60 [0212.202] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd7a0e33a, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x4edf8b9f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.202] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd7a0e33a, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x7a690777, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 1 [0212.203] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4edf8b9f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x4edf8b9f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x4edf8b9f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserData", cAlternateFileName="")) returned 1 [0212.203] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.203] FindClose (in: hFindFile=0x600d60 | out: hFindFile=0x600d60) returned 1 [0212.203] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0212.203] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0212.203] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.203] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x105, lpBuffer=0x1abce630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpFilePart=0x0) returned 0x4b [0212.203] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\*.*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd7a0e33a, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x7a690777, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0212.204] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd7a0e33a, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x7a690777, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.206] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce918) returned 1 [0212.206] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb68) returned 1 [0212.206] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.207] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd7a0e33a, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x7a690777, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600b80 [0212.207] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce888) returned 1 [0212.207] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceaa8) returned 1 [0212.207] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcea88) returned 1 [0212.208] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\*.*"), lpFindFileData=0x1abce830 | out: lpFindFileData=0x1abce830*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x430ba197, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x9034fb3f, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x671ff5dd, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6016c0 [0212.208] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce818) returned 1 [0212.208] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea68) returned 1 [0212.209] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcea88) returned 1 [0212.225] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\*"), lpFindFileData=0x1abce830 | out: lpFindFileData=0x1abce830*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x430ba197, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12dd3c15, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x671ff5dd, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600d60 [0212.226] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce788) returned 1 [0212.226] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce9a8) returned 1 [0212.226] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abce988) returned 1 [0212.226] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\implicitappshortcuts\\*.*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51f4b44d, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x9034fb3f, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x51f4b44d, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601000 [0212.227] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce718) returned 1 [0212.227] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce968) returned 1 [0212.227] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abce988) returned 1 [0212.227] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\implicitappshortcuts\\*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51f4b44d, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12e203a0, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x51f4b44d, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0212.228] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce688) returned 1 [0212.228] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce8a8) returned 1 [0212.228] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abce988) returned 1 [0212.228] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\*.*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x671ff5dd, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x96bd0a6f, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x945a0c62, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601a20 [0212.230] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce718) returned 1 [0212.230] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce968) returned 1 [0212.231] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abce988) returned 1 [0212.231] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x671ff5dd, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12e203a0, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x945a0c62, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601900 [0212.231] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce688) returned 1 [0212.231] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce8a8) returned 1 [0212.232] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.232] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\*.*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4edf8b9f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x4edf8b9f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x4edf8b9f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601180 [0212.233] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce918) returned 1 [0212.233] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb68) returned 1 [0212.233] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.233] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4edf8b9f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12e203a0, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x4edf8b9f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6011e0 [0212.233] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce888) returned 1 [0212.233] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceaa8) returned 1 [0212.234] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcea88) returned 1 [0212.234] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\*.*"), lpFindFileData=0x1abce830 | out: lpFindFileData=0x1abce830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4edf8b9f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x4edf8b9f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x4edf8b9f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.235] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce818) returned 1 [0212.235] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea68) returned 1 [0212.235] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcea88) returned 1 [0212.235] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\*"), lpFindFileData=0x1abce830 | out: lpFindFileData=0x1abce830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4edf8b9f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12e203a0, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x4edf8b9f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6012a0 [0212.235] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce788) returned 1 [0212.236] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce9a8) returned 1 [0212.236] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.236] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Network\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\network\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51824697, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x51824697, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x51824697, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601000 [0212.237] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0212.237] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0212.237] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.238] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Network\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\network\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51824697, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12e203a0, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x51824697, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6016c0 [0212.238] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0212.238] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0212.238] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.239] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Network\\Connections\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\network\\connections\\*.*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51824697, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x51824697, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x51824697, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0212.239] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce918) returned 1 [0212.240] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb68) returned 1 [0212.240] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.240] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Network\\Connections\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\network\\connections\\*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51824697, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12e203a0, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x51824697, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.240] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce888) returned 1 [0212.241] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceaa8) returned 1 [0212.241] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcea88) returned 1 [0212.242] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\*.*"), lpFindFileData=0x1abce830 | out: lpFindFileData=0x1abce830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51824697, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x5184a780, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x51824697, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0212.243] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce818) returned 1 [0212.243] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea68) returned 1 [0212.243] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcea88) returned 1 [0212.243] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\*"), lpFindFileData=0x1abce830 | out: lpFindFileData=0x1abce830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51824697, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12e466af, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x51824697, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce788) returned 1 [0212.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce9a8) returned 1 [0212.244] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abce988) returned 1 [0212.244] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\*.*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51824697, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x51824697, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x51824697, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600ca0 [0212.245] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce718) returned 1 [0212.245] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce968) returned 1 [0212.245] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abce988) returned 1 [0212.246] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51824697, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12e466af, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x51824697, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.246] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce688) returned 1 [0212.246] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce8a8) returned 1 [0212.246] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.247] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Protect\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\protect\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x347d1155, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x5817e299, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x5817e299, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6016c0 [0212.247] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0212.247] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0212.247] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.248] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Protect\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\protect\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x347d1155, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12e466af, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x5817e299, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0212.248] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0212.248] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0212.248] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.249] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-245394380-2276627025-4024548581-1000\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-245394380-2276627025-4024548581-1000\\*.*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x347d1155, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd8acf2a0, ftLastAccessTime.dwHighDateTime=0x1d9a99d, ftLastWriteTime.dwLowDateTime=0xd8acf2a0, ftLastWriteTime.dwHighDateTime=0x1d9a99d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601780 [0212.249] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce918) returned 1 [0212.249] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb68) returned 1 [0212.250] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.250] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-245394380-2276627025-4024548581-1000\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-245394380-2276627025-4024548581-1000\\*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x347d1155, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12e466af, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xd8acf2a0, ftLastWriteTime.dwHighDateTime=0x1d9a99d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0212.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce888) returned 1 [0212.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceaa8) returned 1 [0212.251] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.251] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Spelling\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\spelling\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xae878b47, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0x1b24f438, ftLastAccessTime.dwHighDateTime=0x1d942b2, ftLastWriteTime.dwLowDateTime=0xae878b47, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601600 [0212.252] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0212.252] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0212.252] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.253] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Spelling\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\spelling\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xae878b47, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0x12e466af, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xae878b47, ftLastWriteTime.dwHighDateTime=0x1d9429b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0212.253] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0212.253] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0212.253] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.253] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\spelling\\en-us\\*.*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xae878b47, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0x1b24f438, ftLastAccessTime.dwHighDateTime=0x1d942b2, ftLastWriteTime.dwLowDateTime=0x3fdf8b3c, ftLastWriteTime.dwHighDateTime=0x1d942a1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.254] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce918) returned 1 [0212.254] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb68) returned 1 [0212.254] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.254] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\spelling\\en-us\\*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xae878b47, ftCreationTime.dwHighDateTime=0x1d9429b, ftLastAccessTime.dwLowDateTime=0x12e466af, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3fdf8b3c, ftLastWriteTime.dwHighDateTime=0x1d942a1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601900 [0212.255] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce888) returned 1 [0212.255] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceaa8) returned 1 [0212.255] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.255] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\systemcertificates\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6849fd1f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x6849fd1f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x6849fd1f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600d60 [0212.255] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0212.256] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0212.256] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.258] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\systemcertificates\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6849fd1f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12e466af, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x6849fd1f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601780 [0212.258] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0212.258] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0212.258] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.259] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\systemcertificates\\my\\*.*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6849fd1f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x6849fd1f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x6849fd1f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0212.259] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce918) returned 1 [0212.259] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb68) returned 1 [0212.259] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.260] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\systemcertificates\\my\\*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6849fd1f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12e6c6b0, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x6849fd1f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601840 [0212.260] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce888) returned 1 [0212.260] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceaa8) returned 1 [0212.260] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcea88) returned 1 [0212.260] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\systemcertificates\\my\\certificates\\*.*"), lpFindFileData=0x1abce830 | out: lpFindFileData=0x1abce830*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6849fd1f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xe644c719, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x6849fd1f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601180 [0212.261] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce818) returned 1 [0212.261] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea68) returned 1 [0212.261] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcea88) returned 1 [0212.261] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\systemcertificates\\my\\certificates\\*"), lpFindFileData=0x1abce830 | out: lpFindFileData=0x1abce830*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6849fd1f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xe644c719, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x6849fd1f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0212.261] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce788) returned 1 [0212.261] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce9a8) returned 1 [0212.261] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcea88) returned 1 [0212.262] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\systemcertificates\\my\\crls\\*.*"), lpFindFileData=0x1abce830 | out: lpFindFileData=0x1abce830*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6849fd1f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xe644c719, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x6849fd1f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601060 [0212.262] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce818) returned 1 [0212.262] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea68) returned 1 [0212.262] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcea88) returned 1 [0212.263] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\systemcertificates\\my\\crls\\*"), lpFindFileData=0x1abce830 | out: lpFindFileData=0x1abce830*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6849fd1f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xe644c719, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x6849fd1f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601a80 [0212.263] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce788) returned 1 [0212.263] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce9a8) returned 1 [0212.263] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcea88) returned 1 [0212.263] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\systemcertificates\\my\\ctls\\*.*"), lpFindFileData=0x1abce830 | out: lpFindFileData=0x1abce830*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6849fd1f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xe644c719, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x6849fd1f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.264] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce818) returned 1 [0212.264] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea68) returned 1 [0212.264] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcea88) returned 1 [0212.264] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\systemcertificates\\my\\ctls\\*"), lpFindFileData=0x1abce830 | out: lpFindFileData=0x1abce830*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6849fd1f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xe644c719, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x6849fd1f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0212.264] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce788) returned 1 [0212.264] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce9a8) returned 1 [0212.264] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.265] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Vault\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\vault\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x347aac56, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x347aac56, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x347aac56, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0212.265] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0212.265] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0212.265] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.266] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Vault\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\vault\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x347aac56, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12e6c6b0, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x347aac56, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6010c0 [0212.266] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0212.266] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0212.266] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.266] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd617334b, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x1f9cb6c, ftLastWriteTime.dwHighDateTime=0x1d942b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601180 [0212.267] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0212.267] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0212.267] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.267] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd617334b, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x1f9cb6c, ftLastWriteTime.dwHighDateTime=0x1d942b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.268] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0212.268] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0212.268] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.268] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\AccountPictures\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\accountpictures\\*.*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51f4b44d, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x51f7172e, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x51f7172e, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0212.268] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce918) returned 1 [0212.269] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb68) returned 1 [0212.269] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.269] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\AccountPictures\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\accountpictures\\*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51f4b44d, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12e6c6b0, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x51f7172e, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601900 [0212.269] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce888) returned 1 [0212.269] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceaa8) returned 1 [0212.269] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.270] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\CloudStore\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\cloudstore\\*.*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xe0d27ad, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6012a0 [0212.270] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce918) returned 1 [0212.270] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb68) returned 1 [0212.270] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.271] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\CloudStore\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\cloudstore\\*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xe0d27ad, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601060 [0212.271] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce888) returned 1 [0212.271] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceaa8) returned 1 [0212.271] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.273] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\libraries\\*.*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x516ccffe, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xf0fc45a7, ftLastAccessTime.dwHighDateTime=0x1d94211, ftLastWriteTime.dwLowDateTime=0xf0fc45a7, ftLastWriteTime.dwHighDateTime=0x1d94211, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.279] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce918) returned 1 [0212.279] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb68) returned 1 [0212.279] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.279] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\libraries\\*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x516ccffe, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12e92948, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xf0fc45a7, ftLastWriteTime.dwHighDateTime=0x1d94211, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.282] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce888) returned 1 [0212.282] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceaa8) returned 1 [0212.282] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.283] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\network shortcuts\\*.*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x50ff1044, ftLastAccessTime.dwHighDateTime=0x1d94218, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0212.283] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce918) returned 1 [0212.283] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb68) returned 1 [0212.283] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.284] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\network shortcuts\\*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12e92948, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.284] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce888) returned 1 [0212.284] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceaa8) returned 1 [0212.284] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.284] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\PowerShell\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\powershell\\*.*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1f9cb6c, ftCreationTime.dwHighDateTime=0x1d942b2, ftLastAccessTime.dwLowDateTime=0x1f9cb6c, ftLastAccessTime.dwHighDateTime=0x1d942b2, ftLastWriteTime.dwLowDateTime=0x1fc2682, ftLastWriteTime.dwHighDateTime=0x1d942b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.285] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce918) returned 1 [0212.285] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb68) returned 1 [0212.285] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.286] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\PowerShell\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\powershell\\*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1f9cb6c, ftCreationTime.dwHighDateTime=0x1d942b2, ftLastAccessTime.dwLowDateTime=0x12e92948, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1fc2682, ftLastWriteTime.dwHighDateTime=0x1d942b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6017e0 [0212.286] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce888) returned 1 [0212.287] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceaa8) returned 1 [0212.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcea88) returned 1 [0212.287] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\PowerShell\\PSReadLine\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\powershell\\psreadline\\*.*"), lpFindFileData=0x1abce830 | out: lpFindFileData=0x1abce830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1fc2682, ftCreationTime.dwHighDateTime=0x1d942b2, ftLastAccessTime.dwLowDateTime=0x1fc2682, ftLastAccessTime.dwHighDateTime=0x1d942b2, ftLastWriteTime.dwLowDateTime=0x1fc2682, ftLastWriteTime.dwHighDateTime=0x1d942b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.290] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0212.290] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce818) returned 1 [0212.290] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea68) returned 1 [0212.290] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcea88) returned 1 [0212.291] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\PowerShell\\PSReadLine", nBufferLength=0x105, lpBuffer=0x1abce530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\PowerShell\\PSReadLine", lpFilePart=0x0) returned 0x4a [0212.291] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\PowerShell\\PSReadLine\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\powershell\\psreadline\\*"), lpFindFileData=0x1abce830 | out: lpFindFileData=0x1abce830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1fc2682, ftCreationTime.dwHighDateTime=0x1d942b2, ftLastAccessTime.dwLowDateTime=0x12eb8eae, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1fc2682, ftLastWriteTime.dwHighDateTime=0x1d942b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601a20 [0212.292] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abce860 | out: lpFindFileData=0x1abce860*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1fc2682, ftCreationTime.dwHighDateTime=0x1d942b2, ftLastAccessTime.dwLowDateTime=0x12eb8eae, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1fc2682, ftLastWriteTime.dwHighDateTime=0x1d942b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.292] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abce860 | out: lpFindFileData=0x1abce860*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1fc2682, ftCreationTime.dwHighDateTime=0x1d942b2, ftLastAccessTime.dwLowDateTime=0x18ee70e7, ftLastAccessTime.dwHighDateTime=0x1d942b2, ftLastWriteTime.dwLowDateTime=0x18ee70e7, ftLastWriteTime.dwHighDateTime=0x1d942b2, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="ConsoleHost_history.txt", cAlternateFileName="CONSOL~1.TXT")) returned 1 [0212.292] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abce860 | out: lpFindFileData=0x1abce860*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1fc2682, ftCreationTime.dwHighDateTime=0x1d942b2, ftLastAccessTime.dwLowDateTime=0x18ee70e7, ftLastAccessTime.dwHighDateTime=0x1d942b2, ftLastWriteTime.dwLowDateTime=0x18ee70e7, ftLastWriteTime.dwHighDateTime=0x1d942b2, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="ConsoleHost_history.txt", cAlternateFileName="CONSOL~1.TXT")) returned 0 [0212.292] FindClose (in: hFindFile=0x601a20 | out: hFindFile=0x601a20) returned 1 [0212.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce788) returned 1 [0212.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce9a8) returned 1 [0212.292] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.292] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts", nBufferLength=0x105, lpBuffer=0x1abce630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts", lpFilePart=0x0) returned 0x46 [0212.293] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\printer shortcuts\\*.*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x328821b6, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0212.293] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x328821b6, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.293] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x328821b6, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.294] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0212.294] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce918) returned 1 [0212.294] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb68) returned 1 [0212.294] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts", nBufferLength=0x105, lpBuffer=0x1abce630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts", lpFilePart=0x0) returned 0x46 [0212.295] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\printer shortcuts\\*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12eb8eae, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601060 [0212.295] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12eb8eae, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.295] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12eb8eae, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc86967d2, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.295] FindClose (in: hFindFile=0x601060 | out: hFindFile=0x601060) returned 1 [0212.296] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent", nBufferLength=0x105, lpBuffer=0x1abce630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent", lpFilePart=0x0) returned 0x3b [0212.296] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\*.*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x11b7fbb0, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x11b7fbb0, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601060 [0212.296] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x11b7fbb0, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x11b7fbb0, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.297] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdbd3a1fb, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xdbd3a1fb, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xdbd3a1fb, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x55a, dwReserved0=0x0, dwReserved1=0x0, cFileName="-5Ui6BLg2cDEZ1aGZI_.lnk", cAlternateFileName="-5UI6B~1.LNK")) returned 1 [0212.298] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0356707, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xfd2e8ea5, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfd2e8ea5, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x39e, dwReserved0=0x0, dwReserved1=0x0, cFileName="-6JvN5S1cqNGvPDY.lnk", cAlternateFileName="-6JVN5~1.LNK")) returned 1 [0212.299] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d16ca25, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0xc245f4f, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc245f4f, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x226, dwReserved0=0x0, dwReserved1=0x0, cFileName="-mUkc.lnk", cAlternateFileName="")) returned 1 [0212.300] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xddec9178, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xddec9178, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xddec9178, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x462, dwReserved0=0x0, dwReserved1=0x0, cFileName="-TpGaKVbHa97zgS.ppt.lnk", cAlternateFileName="-TPGAK~1.LNK")) returned 1 [0212.301] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea2c2dbe, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xea2c2dbe, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xea2c2dbe, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x438, dwReserved0=0x0, dwReserved1=0x0, cFileName="167VqDu0.lnk", cAlternateFileName="")) returned 1 [0212.302] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3201206, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x60dbe76, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x60dbe76, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x498, dwReserved0=0x0, dwReserved1=0x0, cFileName="2sJQfwB3SA1-aIl-.lnk", cAlternateFileName="2SJQFW~1.LNK")) returned 1 [0212.304] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf920a32a, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf920a32a, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf920a32a, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x46e, dwReserved0=0x0, dwReserved1=0x0, cFileName="3bJ1.lnk", cAlternateFileName="")) returned 1 [0212.305] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf52a3b29, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf52c903b, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf52c903b, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="3E8aHN.lnk", cAlternateFileName="")) returned 1 [0212.306] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xffd512f6, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x11ba5b9f, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x11ba5b9f, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="3HUK6hE8Sxy4S31RG.lnk", cAlternateFileName="3HUK6H~1.LNK")) returned 1 [0212.307] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xedfef3c8, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xedfef3c8, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xedfef3c8, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x599, dwReserved0=0x0, dwReserved1=0x0, cFileName="3mZ1.lnk", cAlternateFileName="")) returned 1 [0212.307] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefd2f803, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xefd2f803, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xefd2f803, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x431, dwReserved0=0x0, dwReserved1=0x0, cFileName="3oUk3Xp.lnk", cAlternateFileName="")) returned 1 [0212.307] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaec0b78, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0xaec0b78, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xaec0b78, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x555, dwReserved0=0x0, dwReserved1=0x0, cFileName="3p6 ohHYs9-.csv.lnk", cAlternateFileName="3P6OHH~1.LNK")) returned 1 [0212.308] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xececc585, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xececc585, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xececc585, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x597, dwReserved0=0x0, dwReserved1=0x0, cFileName="3q1llB5Op_QjTca2eDNb.odp.lnk", cAlternateFileName="3Q1LLB~1.LNK")) returned 1 [0212.308] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfab6c925, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xfab6c925, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfab6c925, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x327, dwReserved0=0x0, dwReserved1=0x0, cFileName="3um74xQY2dRtB2 VeQ.lnk", cAlternateFileName="3UM74X~1.LNK")) returned 1 [0212.308] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53bf1f3, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x53bf1f3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x53bf1f3, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x55f, dwReserved0=0x0, dwReserved1=0x0, cFileName="40MOvGfppj4bDSgoaCIa.lnk", cAlternateFileName="40MOVG~1.LNK")) returned 1 [0212.308] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf89b207f, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xfe9da1b1, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfe9da1b1, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x475, dwReserved0=0x0, dwReserved1=0x0, cFileName="5JVUFsxkO (2).lnk", cAlternateFileName="5JVUFS~2.LNK")) returned 1 [0212.308] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2f9edfa, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf33401ec, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf33401ec, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x475, dwReserved0=0x0, dwReserved1=0x0, cFileName="5JVUFsxkO.lnk", cAlternateFileName="5JVUFS~1.LNK")) returned 1 [0212.308] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc8ffcc1, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xdc8ffcc1, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xdc8ffcc1, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x488, dwReserved0=0x0, dwReserved1=0x0, cFileName="61De8WLPska01oVom.lnk", cAlternateFileName="61DE8W~1.LNK")) returned 1 [0212.308] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f26ffa, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x7f26ffa, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x7f26ffa, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x4c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="6zSAXoBMshJ arRcZrD.lnk", cAlternateFileName="6ZSAXO~1.LNK")) returned 1 [0212.309] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb502cfb, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0xb502cfb, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xb502cfb, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x546, dwReserved0=0x0, dwReserved1=0x0, cFileName="7AZ xi 6.odp.lnk", cAlternateFileName="7AZXI6~1.LNK")) returned 1 [0212.309] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea8dec8a, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xea8dec8a, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xea8dec8a, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x400, dwReserved0=0x0, dwReserved1=0x0, cFileName="7QSM7Bo389nPLE.lnk", cAlternateFileName="7QSM7B~1.LNK")) returned 1 [0212.309] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48b317b0, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0xfdbb4435, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfdbb4435, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x411, dwReserved0=0x0, dwReserved1=0x0, cFileName="8gTJ48.lnk", cAlternateFileName="")) returned 1 [0212.309] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd83ace5, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xdd8d341a, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xdd8d341a, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="9bAP9Uzx.lnk", cAlternateFileName="")) returned 1 [0212.310] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf78c8ab3, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf78c8ab3, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf78c8ab3, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x28c, dwReserved0=0x0, dwReserved1=0x0, cFileName="aejUOooWI.lnk", cAlternateFileName="AEJUOO~1.LNK")) returned 1 [0212.310] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x40eff4d7, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0xf227a034, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf227a034, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x49c, dwReserved0=0x0, dwReserved1=0x0, cFileName="AI-BTkK-C.lnk", cAlternateFileName="AI-BTK~1.LNK")) returned 1 [0212.310] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x699732b, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x699732b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x699732b, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="amGLU92hTOyVS.pptx.lnk", cAlternateFileName="AMGLU9~1.LNK")) returned 1 [0212.310] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8cdb7d4, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xe8d01ec5, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe8d01ec5, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x409, dwReserved0=0x0, dwReserved1=0x0, cFileName="aqmU9TUpYSVIUMRXMae4.lnk", cAlternateFileName="AQMU9T~1.LNK")) returned 1 [0212.310] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec68ac10, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xec68ac10, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xec68ac10, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x53a, dwReserved0=0x0, dwReserved1=0x0, cFileName="aucpxM.lnk", cAlternateFileName="")) returned 1 [0212.310] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x67aca2eb, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x2d600fdd, ftLastAccessTime.dwHighDateTime=0x1d942a1, ftLastWriteTime.dwLowDateTime=0x2d600fdd, ftLastWriteTime.dwHighDateTime=0x1d942a1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AutomaticDestinations", cAlternateFileName="AUTOMA~1")) returned 1 [0212.310] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7d607a3, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf7d607a3, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf7d607a3, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3e7, dwReserved0=0x0, dwReserved1=0x0, cFileName="AwXZ4sgzr.ots.lnk", cAlternateFileName="AWXZ4S~1.LNK")) returned 1 [0212.310] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ae60d1, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x5ae60d1, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x5ae60d1, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x42c, dwReserved0=0x0, dwReserved1=0x0, cFileName="aXS6vb.lnk", cAlternateFileName="")) returned 1 [0212.311] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf8f3551a, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf8f3551a, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf8f3551a, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x2b9, dwReserved0=0x0, dwReserved1=0x0, cFileName="A_VTOyBLcz6NRbG97.xlsx.lnk", cAlternateFileName="A_VTOY~1.LNK")) returned 1 [0212.311] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfded34e0, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xfded34e0, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfded34e0, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3ff, dwReserved0=0x0, dwReserved1=0x0, cFileName="b GzxP7sA1S-0PBuwA.xlsx.lnk", cAlternateFileName="BGZXP7~1.LNK")) returned 1 [0212.311] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11a749bf, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x11a749bf, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x11a749bf, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x48d, dwReserved0=0x0, dwReserved1=0x0, cFileName="bBT-MFL3sFb3zx-FPOy.lnk", cAlternateFileName="BBT-MF~1.LNK")) returned 1 [0212.311] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xedb2a859, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xedb2a859, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xedb2a859, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x42c, dwReserved0=0x0, dwReserved1=0x0, cFileName="BG-3Ru.lnk", cAlternateFileName="")) returned 1 [0212.311] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdea43feb, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x5b32437, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x5b32437, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x365, dwReserved0=0x0, dwReserved1=0x0, cFileName="BlfnUP.lnk", cAlternateFileName="")) returned 1 [0212.311] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecf18828, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf0db9b27, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf0db9b27, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x44a, dwReserved0=0x0, dwReserved1=0x0, cFileName="BmJalddlQRnVT8k_d-q.lnk", cAlternateFileName="BMJALD~1.LNK")) returned 1 [0212.312] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f2e489, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x1f2e489, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1f2e489, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="bxOJ-KchVEH.lnk", cAlternateFileName="BXOJ-K~1.LNK")) returned 1 [0212.312] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf40cf840, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf40cf840, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf40cf840, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x555, dwReserved0=0x0, dwReserved1=0x0, cFileName="Chkad3-ROtdrHsoCUX.lnk", cAlternateFileName="CHKAD3~1.LNK")) returned 1 [0212.312] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd6eee52, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xfd6eee52, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfd6eee52, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x404, dwReserved0=0x0, dwReserved1=0x0, cFileName="CIdAi4WoBaReZGuNW3Z.xlsx.lnk", cAlternateFileName="CIDAI4~1.LNK")) returned 1 [0212.312] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xffb615da, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xffb615da, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xffb615da, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x6ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="CNhSRq_988nVmcAoKs I.lnk", cAlternateFileName="CNHSRQ~1.LNK")) returned 1 [0212.312] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x398b8a7, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x8f63f2e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x8f63f2e, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x2c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Common Files.lnk", cAlternateFileName="COMMON~1.LNK")) returned 1 [0212.312] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6cb6a1a, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf6cb6a1a, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf6cb6a1a, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x28c, dwReserved0=0x0, dwReserved1=0x0, cFileName="CPtLqFgr7.lnk", cAlternateFileName="CPTLQF~1.LNK")) returned 1 [0212.312] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x256d8a2, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x256d8a2, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x256d8a2, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="CSRpjbn.lnk", cAlternateFileName="")) returned 1 [0212.313] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4250d260, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0xba3a1fd, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xba3a1fd, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x352, dwReserved0=0x0, dwReserved1=0x0, cFileName="cUOFj.lnk", cAlternateFileName="")) returned 1 [0212.313] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x67baf1ab, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xf4762aa1, ftLastAccessTime.dwHighDateTime=0x1d95650, ftLastWriteTime.dwLowDateTime=0xf4762aa1, ftLastWriteTime.dwHighDateTime=0x1d95650, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CustomDestinations", cAlternateFileName="CUSTOM~1")) returned 1 [0212.313] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x423431b, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x423431b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x423431b, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="CxX 3.lnk", cAlternateFileName="CXX3~1.LNK")) returned 1 [0212.313] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x490644ae, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0xf0076b48, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf0076b48, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3fb, dwReserved0=0x0, dwReserved1=0x0, cFileName="cYW1VXatB-JI8vQr.lnk", cAlternateFileName="CYW1VX~1.LNK")) returned 1 [0212.313] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5c742b0, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xe5c742b0, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe5c742b0, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x467, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dbg3Ddy9SSgsZKwE.doc.lnk", cAlternateFileName="DBG3DD~1.LNK")) returned 1 [0212.314] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x51da7a91, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd617334b, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x51dcdf1c, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x1b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.314] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe225437a, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xe225437a, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe225437a, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3db, dwReserved0=0x0, dwReserved1=0x0, cFileName="DMLxoOU.lnk", cAlternateFileName="")) returned 1 [0212.314] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee5e5057, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xbb44fb7, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xbb44fb7, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x498, dwReserved0=0x0, dwReserved1=0x0, cFileName="dvC8ktwxOFj7.lnk", cAlternateFileName="DVC8KT~1.LNK")) returned 1 [0212.314] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7785d3d, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xd7785d3d, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xd7785d3d, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="dy8.lnk", cAlternateFileName="")) returned 1 [0212.314] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf19f1dc8, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf19f1dc8, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf19f1dc8, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x46a, dwReserved0=0x0, dwReserved1=0x0, cFileName="e95MKF1cwUHr.lnk", cAlternateFileName="E95MKF~1.LNK")) returned 1 [0212.314] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51dce234, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x51dce234, ftLastAccessTime.dwHighDateTime=0x1d9b560, ftLastWriteTime.dwLowDateTime=0x51dce234, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x483, dwReserved0=0x0, dwReserved1=0x0, cFileName="EgF5qYYsDP3TXhIOn.pps.lnk", cAlternateFileName="EGF5QY~1.LNK")) returned 1 [0212.314] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x987ad55, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x987ad55, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x987ad55, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x400, dwReserved0=0x0, dwReserved1=0x0, cFileName="EIweEXdtYapI-M.doc.lnk", cAlternateFileName="EIWEEX~1.LNK")) returned 1 [0212.315] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe20b0c09, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xe20b0c09, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe20b0c09, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x2af, dwReserved0=0x0, dwReserved1=0x0, cFileName="eM1JFyu4JyX_V Ar.doc.lnk", cAlternateFileName="EM1JFY~1.LNK")) returned 1 [0212.315] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe9a6a720, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xe9a6a720, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe9a6a720, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x304, dwReserved0=0x0, dwReserved1=0x0, cFileName="eTG7NzXPZhX.lnk", cAlternateFileName="ETG7NZ~1.LNK")) returned 1 [0212.315] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe44c7c7b, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xe44c7c7b, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe44c7c7b, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x53e, dwReserved0=0x0, dwReserved1=0x0, cFileName="EVZV9g78HF1 1b20ex.lnk", cAlternateFileName="EVZV9G~1.LNK")) returned 1 [0212.315] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcf09424, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xfcf09424, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfcf09424, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="e_2t.lnk", cAlternateFileName="")) returned 1 [0212.315] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfed478bb, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xfed478bb, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfed478bb, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x55f, dwReserved0=0x0, dwReserved1=0x0, cFileName="F5J9i2mP6f7Fg yEKZw4.lnk", cAlternateFileName="F5J9I2~1.LNK")) returned 1 [0212.315] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4126c5f9, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0xfbbd0e8f, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfbbd0e8f, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x409, dwReserved0=0x0, dwReserved1=0x0, cFileName="fabE6LAM6xEtP.lnk", cAlternateFileName="FABE6L~1.LNK")) returned 1 [0212.315] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xebc429d0, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xebc429d0, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xebc429d0, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x4a2, dwReserved0=0x0, dwReserved1=0x0, cFileName="fenqGAG3YChp.lnk", cAlternateFileName="FENQGA~1.LNK")) returned 1 [0212.316] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d1b904, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x9d1b904, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x9d1b904, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="FHPuaK.lnk", cAlternateFileName="")) returned 1 [0212.316] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe85c8c8, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xfe85c8c8, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfe85c8c8, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x41e, dwReserved0=0x0, dwReserved1=0x0, cFileName="fKIJsgucmnFedTn EAkl.lnk", cAlternateFileName="FKIJSG~1.LNK")) returned 1 [0212.316] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x572c94e, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x572c94e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x572c94e, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3ff, dwReserved0=0x0, dwReserved1=0x0, cFileName="GC 5fQQJc4NHBM7mhV.lnk", cAlternateFileName="GC5FQQ~1.LNK")) returned 1 [0212.316] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4845c4b, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x4845c4b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x4845c4b, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x409, dwReserved0=0x0, dwReserved1=0x0, cFileName="GDLIsvWIqGajKiRN9dGO.pptx.lnk", cAlternateFileName="GDLISV~1.LNK")) returned 1 [0212.317] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf328152d, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf328152d, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf328152d, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x505, dwReserved0=0x0, dwReserved1=0x0, cFileName="gDn4S0f.ppt.lnk", cAlternateFileName="GDN4S0~1.LNK")) returned 1 [0212.317] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c2b1db, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x7c2b1db, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x7c2b1db, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3f0, dwReserved0=0x0, dwReserved1=0x0, cFileName="gmIBz_0QcERv2HE.lnk", cAlternateFileName="GMIBZ_~1.LNK")) returned 1 [0212.317] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xebcb4d79, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x7f9eeac, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x7f9eeac, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="gMmQ7sMpVxP4WwXZrp.lnk", cAlternateFileName="GMMQ7S~1.LNK")) returned 1 [0212.318] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe27fdc41, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xe27fdc41, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe27fdc41, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x692, dwReserved0=0x0, dwReserved1=0x0, cFileName="goujVTDJ1s18.lnk", cAlternateFileName="GOUJVT~1.LNK")) returned 1 [0212.318] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf683e33f, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf683e33f, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf683e33f, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="hIUicmYfr BOKO-G7dUP.flv.lnk", cAlternateFileName="HIUICM~1.LNK")) returned 1 [0212.318] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf5be03d4, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf5be03d4, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf5be03d4, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="HP_ON6wZYt.lnk", cAlternateFileName="HP_ON6~1.LNK")) returned 1 [0212.318] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2063d12, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf2063d12, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf2063d12, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x482, dwReserved0=0x0, dwReserved1=0x0, cFileName="I-byl6.lnk", cAlternateFileName="")) returned 1 [0212.318] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeaf6d491, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xeaf6d491, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xeaf6d491, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x5e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="ikU4Z6NJTIS4CI7XUt.lnk", cAlternateFileName="IKU4Z6~1.LNK")) returned 1 [0212.318] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe284a543, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x8699296, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x8699296, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x543, dwReserved0=0x0, dwReserved1=0x0, cFileName="J7Kz7aXvYKxh-WWyGI.lnk", cAlternateFileName="J7KZ7A~1.LNK")) returned 1 [0212.319] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf87336b7, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf87336b7, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf87336b7, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x400, dwReserved0=0x0, dwReserved1=0x0, cFileName="Jfz.flv.lnk", cAlternateFileName="JFZFLV~1.LNK")) returned 1 [0212.320] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5003e830, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x5003e830, ftLastAccessTime.dwHighDateTime=0x1d9b560, ftLastWriteTime.dwLowDateTime=0x5003e830, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x2be, dwReserved0=0x0, dwReserved1=0x0, cFileName="JXeScA2ioPeBdV4Lv_Z.lnk", cAlternateFileName="JXESCA~1.LNK")) returned 1 [0212.320] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x864cbfb, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x864cbfb, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x864cbfb, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x6b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="JxmR6v_b0d1c1TOkKn.lnk", cAlternateFileName="JXMR6V~1.LNK")) returned 1 [0212.320] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c523eb, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf9c523eb, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf9c523eb, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x4d1, dwReserved0=0x0, dwReserved1=0x0, cFileName="jZACGvj_jUniQbGydKt.xlsx.lnk", cAlternateFileName="JZACGV~1.LNK")) returned 1 [0212.320] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5ce6b4e, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf8842eb8, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf8842eb8, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x36a, dwReserved0=0x0, dwReserved1=0x0, cFileName="kQnIf5.lnk", cAlternateFileName="")) returned 1 [0212.320] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb37d51, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xfbb37d51, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfbb37d51, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x51e, dwReserved0=0x0, dwReserved1=0x0, cFileName="KrCIJZxudvtCeY.doc.lnk", cAlternateFileName="KRCIJZ~1.LNK")) returned 1 [0212.320] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x962f62, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x962f62, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x962f62, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x43e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kx8A.lnk", cAlternateFileName="")) returned 1 [0212.321] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49574bc5, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x2eaab82, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x2eaab82, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x464, dwReserved0=0x0, dwReserved1=0x0, cFileName="lbLbIV.lnk", cAlternateFileName="")) returned 1 [0212.321] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0d472ad, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf0d472ad, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf0d472ad, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x560, dwReserved0=0x0, dwReserved1=0x0, cFileName="LFcvTFKle.lnk", cAlternateFileName="LFCVTF~1.LNK")) returned 1 [0212.321] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5207cd12, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x8994302, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x8994302, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x40f, dwReserved0=0x0, dwReserved1=0x0, cFileName="LUnjpDpKTSnQmwR3f6Nd.lnk", cAlternateFileName="LUNJPD~1.LNK")) returned 1 [0212.321] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde983ca6, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xde983ca6, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xde983ca6, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x425, dwReserved0=0x0, dwReserved1=0x0, cFileName="l_tj4.lnk", cAlternateFileName="")) returned 1 [0212.321] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d6e5c9, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x5d6e5c9, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x5d6e5c9, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="m62mMrqX1.pptx.lnk", cAlternateFileName="M62MMR~1.LNK")) returned 1 [0212.321] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfc985da4, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xfc985da4, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfc985da4, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MfGYDk9Y.ppt.lnk", cAlternateFileName="MFGYDK~1.LNK")) returned 1 [0212.322] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ef1517, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x8ef1517, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x8ef1517, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="mL-gKRrD1UEPkt.lnk", cAlternateFileName="ML-GKR~1.LNK")) returned 1 [0212.322] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4028c8c7, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0xa2c5446, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xa2c5446, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x422, dwReserved0=0x0, dwReserved1=0x0, cFileName="mLpk6DQaJ9.lnk", cAlternateFileName="MLPK6D~1.LNK")) returned 1 [0212.322] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd810f582, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xd810f582, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xd810f582, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x483, dwReserved0=0x0, dwReserved1=0x0, cFileName="MOoazXE175u-tWOUa.lnk", cAlternateFileName="MOOAZX~1.LNK")) returned 1 [0212.323] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea3cdd3e, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x313338f, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x313338f, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x2e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Music.lnk", cAlternateFileName="")) returned 1 [0212.323] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1efa73, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x1efa73, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1efa73, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="MV73nxGICe.lnk", cAlternateFileName="MV73NX~1.LNK")) returned 1 [0212.323] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc297a6b, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xdc297a6b, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xdc297a6b, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x27b, dwReserved0=0x0, dwReserved1=0x0, cFileName="N8uzo0.lnk", cAlternateFileName="")) returned 1 [0212.323] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0515400, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf0515400, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf0515400, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x46c, dwReserved0=0x0, dwReserved1=0x0, cFileName="novXISG4jJT9ZShRo.ods.lnk", cAlternateFileName="NOVXIS~1.LNK")) returned 1 [0212.323] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe6df57e, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xfe6df57e, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfe6df57e, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="oBVXWpqYBK.pptx.lnk", cAlternateFileName="OBVXWP~1.LNK")) returned 1 [0212.323] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec72349d, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xb54f324, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xb54f324, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x43b, dwReserved0=0x0, dwReserved1=0x0, cFileName="oByX88izFWIaL4.lnk", cAlternateFileName="OBYX88~1.LNK")) returned 1 [0212.323] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xff7a75af, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xff7a75af, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xff7a75af, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3bb, dwReserved0=0x0, dwReserved1=0x0, cFileName="oGnP UReG2.flv.lnk", cAlternateFileName="OGNPUR~1.LNK")) returned 1 [0212.324] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1b79680, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xe1b9fafa, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe1b9fafa, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x296, dwReserved0=0x0, dwReserved1=0x0, cFileName="ogw4Mz9WHOq.lnk", cAlternateFileName="OGW4MZ~1.LNK")) returned 1 [0212.324] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa5278b1, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0xa5278b1, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xa5278b1, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x37b, dwReserved0=0x0, dwReserved1=0x0, cFileName="OgZRcboo9 (2).lnk", cAlternateFileName="OGZRCB~2.LNK")) returned 1 [0212.324] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5200a599, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0xe50ffe5a, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe50ffe5a, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x37b, dwReserved0=0x0, dwReserved1=0x0, cFileName="OgZRcboo9.lnk", cAlternateFileName="OGZRCB~1.LNK")) returned 1 [0212.324] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdfb4a85c, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xdfb4a85c, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xdfb4a85c, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x517, dwReserved0=0x0, dwReserved1=0x0, cFileName="ouGe8u.lnk", cAlternateFileName="")) returned 1 [0212.324] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x34a0b53, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x34a0b53, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x34a0b53, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3fb, dwReserved0=0x0, dwReserved1=0x0, cFileName="OvLGXdJo_8CMQ.doc.lnk", cAlternateFileName="OVLGXD~1.LNK")) returned 1 [0212.324] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe12aec0c, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xe12aec0c, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe12aec0c, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x404, dwReserved0=0x0, dwReserved1=0x0, cFileName="P Qbc4C6_8tW2SWaqVE.xlsx.lnk", cAlternateFileName="PQBC4C~1.LNK")) returned 1 [0212.325] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c394c0, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x6c394c0, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x6c394c0, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x40f, dwReserved0=0x0, dwReserved1=0x0, cFileName="P4nhTG-oMiEDYv2EH.lnk", cAlternateFileName="P4NHTG~1.LNK")) returned 1 [0212.325] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd9920e1, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x776649c, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x776649c, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x2fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures.lnk", cAlternateFileName="")) returned 1 [0212.325] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x509ded3, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x509ded3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x509ded3, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3d5, dwReserved0=0x0, dwReserved1=0x0, cFileName="PqsS9Gq RHGz.lnk", cAlternateFileName="PQSS9G~1.LNK")) returned 1 [0212.325] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa9afa40, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0xa9afa40, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xa9afa40, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x313, dwReserved0=0x0, dwReserved1=0x0, cFileName="prv-43xC-PpR5k.ppt.lnk", cAlternateFileName="PRV-43~1.LNK")) returned 1 [0212.325] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe508d790, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xe508d790, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe508d790, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x45b, dwReserved0=0x0, dwReserved1=0x0, cFileName="pUTUVKAK.xlsx.lnk", cAlternateFileName="PUTUVK~1.LNK")) returned 1 [0212.325] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe0e9291, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xfe0e9291, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfe0e9291, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x4bb, dwReserved0=0x0, dwReserved1=0x0, cFileName="QCPL9rrlRNtbF01 0.lnk", cAlternateFileName="QCPL9R~1.LNK")) returned 1 [0212.326] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf6ed061, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xdf6ed061, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xdf6ed061, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x53c, dwReserved0=0x0, dwReserved1=0x0, cFileName="qs6pMlaa5Rs-Y.lnk", cAlternateFileName="QS6PML~1.LNK")) returned 1 [0212.326] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x185080a, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x185080a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x185080a, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="q_HhEd.pptx.lnk", cAlternateFileName="Q_HHED~1.LNK")) returned 1 [0212.326] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4cade387, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x11ac0d91, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x11ac0d91, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x37b, dwReserved0=0x0, dwReserved1=0x0, cFileName="rFTl6BSzg_.lnk", cAlternateFileName="RFTL6B~1.LNK")) returned 1 [0212.326] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e9b67b8, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x11183cac, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x11183cac, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x30f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming (2).lnk", cAlternateFileName="ROAMIN~1.LNK")) returned 1 [0212.326] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3df43cc3, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x4ab5c60c, ftLastAccessTime.dwHighDateTime=0x1d9b560, ftLastWriteTime.dwLowDateTime=0x4ab5c60c, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x30f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming.lnk", cAlternateFileName="")) returned 1 [0212.326] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbef1346, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xfbef1346, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfbef1346, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x291, dwReserved0=0x0, dwReserved1=0x0, cFileName="rSXGxtmLV1.lnk", cAlternateFileName="RSXGXT~1.LNK")) returned 1 [0212.326] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb96938a, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xeb96938a, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xeb96938a, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x28c, dwReserved0=0x0, dwReserved1=0x0, cFileName="s3mDZhojg.lnk", cAlternateFileName="S3MDZH~1.LNK")) returned 1 [0212.326] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2c3f42c, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf2c3f42c, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf2c3f42c, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x4bb, dwReserved0=0x0, dwReserved1=0x0, cFileName="s6LOWfDyf84Fy2ur3.lnk", cAlternateFileName="S6LOWF~1.LNK")) returned 1 [0212.327] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee3cf1e4, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xee3f5166, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xee3f5166, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x6ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="ScFVHzsefvu1Kt2J0.lnk", cAlternateFileName="SCFVHZ~1.LNK")) returned 1 [0212.327] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf5fba47, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0xf5fba47, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xf5fba47, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x2c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="sg MXaT5p_6OuAzIkQ9b.lnk", cAlternateFileName="SGMXAT~1.LNK")) returned 1 [0212.327] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf74c2d56, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf74c2d56, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf74c2d56, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="smN8Rnib6nLWu.xlsx.lnk", cAlternateFileName="SMN8RN~1.LNK")) returned 1 [0212.327] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd55f9e01, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xd55f9e01, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xd55f9e01, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3f6, dwReserved0=0x0, dwReserved1=0x0, cFileName="snzDMqSsgLa.lnk", cAlternateFileName="SNZDMQ~1.LNK")) returned 1 [0212.327] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9ff2d22, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xd9ff2d22, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xd9ff2d22, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x40c, dwReserved0=0x0, dwReserved1=0x0, cFileName="srqzB.flv.lnk", cAlternateFileName="SRQZBF~1.LNK")) returned 1 [0212.327] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef9035d8, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xef9035d8, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xef9035d8, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3cd, dwReserved0=0x0, dwReserved1=0x0, cFileName="tFcCKPod.lnk", cAlternateFileName="")) returned 1 [0212.327] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa4e8ea2, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0xa4e8ea2, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xa4e8ea2, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0x0, dwReserved1=0x0, cFileName="tKwoXg9sP.lnk", cAlternateFileName="TKWOXG~1.LNK")) returned 1 [0212.328] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfc68b09c, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xfc68b09c, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfc68b09c, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="TL__DH.flv.lnk", cAlternateFileName="TL__DH~1.LNK")) returned 1 [0212.328] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa22cab4, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0xa22cab4, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xa22cab4, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x523, dwReserved0=0x0, dwReserved1=0x0, cFileName="u7sDs2LZ.lnk", cAlternateFileName="")) returned 1 [0212.328] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8bc89d, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0xb8bc89d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xb8bc89d, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="UHkhqoDlS1ZMy4YF1xN.xls.lnk", cAlternateFileName="UHKHQO~1.LNK")) returned 1 [0212.329] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x107b1e5c, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x107b1e5c, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x107b1e5c, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x2c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="UkJYmBRGn-l6870DyiLq.lnk", cAlternateFileName="UKJYMB~1.LNK")) returned 1 [0212.329] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd2767c2, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xfd2767c2, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfd2767c2, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x47b, dwReserved0=0x0, dwReserved1=0x0, cFileName="uLcxfT.pps.lnk", cAlternateFileName="ULCXFT~1.LNK")) returned 1 [0212.329] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76f3d54, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x76f3d54, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x76f3d54, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UP8au-zEVP8.lnk", cAlternateFileName="UP8AU-~1.LNK")) returned 1 [0212.329] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d99ed53, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x4def410, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x4def410, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x2f0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos.lnk", cAlternateFileName="")) returned 1 [0212.329] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xddf61b09, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x95a6121, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x95a6121, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x36a, dwReserved0=0x0, dwReserved1=0x0, cFileName="vPtkmO.lnk", cAlternateFileName="")) returned 1 [0212.329] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe93b5dc7, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xe93b5dc7, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe93b5dc7, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="vrypMS0u_xB.lnk", cAlternateFileName="VRYPMS~1.LNK")) returned 1 [0212.329] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa1d5b8f, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xfa1d5b8f, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfa1d5b8f, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x26f, dwReserved0=0x0, dwReserved1=0x0, cFileName="VvJS.odp.lnk", cAlternateFileName="VVJSOD~1.LNK")) returned 1 [0212.330] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdacf43b, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0xdad5eb7, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xdad5eb7, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x2c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="w7V8A-uHWT3m-XUwfg56.lnk", cAlternateFileName="W7V8A-~1.LNK")) returned 1 [0212.330] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf83a2718, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf83a2718, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf83a2718, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x51b, dwReserved0=0x0, dwReserved1=0x0, cFileName="WDmuMj12Phg.lnk", cAlternateFileName="WDMUMJ~1.LNK")) returned 1 [0212.330] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6c7e634, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xe6c7e634, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe6c7e634, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x296, dwReserved0=0x0, dwReserved1=0x0, cFileName="wFdXt6C3g60.lnk", cAlternateFileName="WFDXT6~1.LNK")) returned 1 [0212.330] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdee9b223, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xdee9b223, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xdee9b223, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="WfobQHYIBDGT.ods.lnk", cAlternateFileName="WFOBQH~1.LNK")) returned 1 [0212.330] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf63536ea, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf63536ea, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf63536ea, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x6ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="WFsJxSQxtzsU8zvNclOo.lnk", cAlternateFileName="WFSJXS~1.LNK")) returned 1 [0212.330] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x38808aa, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x38808aa, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x38808aa, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x383, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wse91V.lnk", cAlternateFileName="")) returned 1 [0212.330] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfc25ed61, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xfc25ed61, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfc25ed61, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x2ff, dwReserved0=0x0, dwReserved1=0x0, cFileName="wsjB3_tj0w.lnk", cAlternateFileName="WSJB3_~1.LNK")) returned 1 [0212.331] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee92c28b, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xee92c28b, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xee92c28b, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x5d9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wy7xkGTjTM8mqiSz.lnk", cAlternateFileName="WY7XKG~1.LNK")) returned 1 [0212.331] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eb34257, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0xb92eec2, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xb92eec2, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="XAdPkF7sUkUXx_LAj0.lnk", cAlternateFileName="XADPKF~1.LNK")) returned 1 [0212.331] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef2c11fb, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xef2c11fb, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xef2c11fb, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3f3, dwReserved0=0x0, dwReserved1=0x0, cFileName="XJlr4B62K0xVJsS jZ.lnk", cAlternateFileName="XJLR4B~1.LNK")) returned 1 [0212.331] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe02e3e8c, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xe02e3e8c, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe02e3e8c, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x46f, dwReserved0=0x0, dwReserved1=0x0, cFileName="xmWl.csv.lnk", cAlternateFileName="XMWLCS~1.LNK")) returned 1 [0212.331] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70074c, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x70074c, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x70074c, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x447, dwReserved0=0x0, dwReserved1=0x0, cFileName="Xr4V9WaT5ttMZmeN.flv.lnk", cAlternateFileName="XR4V9W~1.LNK")) returned 1 [0212.331] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9066965, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf9066965, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf9066965, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="xRlhM7BkA6.lnk", cAlternateFileName="XRLHM7~1.LNK")) returned 1 [0212.332] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc1f995c, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0xc1f995c, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc1f995c, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x2e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Xvc2R9.flv.lnk", cAlternateFileName="XVC2R9~1.LNK")) returned 1 [0212.332] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa5dbbd1, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xfa5dbbd1, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfa5dbbd1, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x2f5, dwReserved0=0x0, dwReserved1=0x0, cFileName="YkjIrU5f.pps.lnk", cAlternateFileName="YKJIRU~1.LNK")) returned 1 [0212.332] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb208033, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0xb208033, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xb208033, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3fa, dwReserved0=0x0, dwReserved1=0x0, cFileName="Yme_Rm4L2kuXKjrR V.odp.lnk", cAlternateFileName="YME_RM~1.LNK")) returned 1 [0212.332] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9533829, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x9533829, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x9533829, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x46c, dwReserved0=0x0, dwReserved1=0x0, cFileName="zCcWRD8QwPIFlQ2Uo.lnk", cAlternateFileName="ZCCWRD~1.LNK")) returned 1 [0212.332] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3eabc09, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xe3eabc09, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe3eabc09, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x451, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZRXGsN4Yw6b0TwCVAl.flv.lnk", cAlternateFileName="ZRXGSN~1.LNK")) returned 1 [0212.332] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4da3094, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x4da3094, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x4da3094, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x399, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZzS4.flv.lnk", cAlternateFileName="ZZS4FL~1.LNK")) returned 1 [0212.333] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1506ecb, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf1506ecb, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf1506ecb, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="__elk.ppt.lnk", cAlternateFileName="__ELKP~1.LNK")) returned 1 [0212.333] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.333] FindClose (in: hFindFile=0x601060 | out: hFindFile=0x601060) returned 1 [0212.333] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent", nBufferLength=0x105, lpBuffer=0x1abce630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent", lpFilePart=0x0) returned 0x3b [0212.334] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x11b7fbb0, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x11b7fbb0, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.335] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x11b7fbb0, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x11b7fbb0, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.335] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdbd3a1fb, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xdbd3a1fb, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xdbd3a1fb, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x55a, dwReserved0=0x0, dwReserved1=0x0, cFileName="-5Ui6BLg2cDEZ1aGZI_.lnk", cAlternateFileName="-5UI6B~1.LNK")) returned 1 [0212.335] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0356707, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xfd2e8ea5, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfd2e8ea5, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x39e, dwReserved0=0x0, dwReserved1=0x0, cFileName="-6JvN5S1cqNGvPDY.lnk", cAlternateFileName="-6JVN5~1.LNK")) returned 1 [0212.335] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d16ca25, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0xc245f4f, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc245f4f, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x226, dwReserved0=0x0, dwReserved1=0x0, cFileName="-mUkc.lnk", cAlternateFileName="")) returned 1 [0212.335] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xddec9178, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xddec9178, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xddec9178, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x462, dwReserved0=0x0, dwReserved1=0x0, cFileName="-TpGaKVbHa97zgS.ppt.lnk", cAlternateFileName="-TPGAK~1.LNK")) returned 1 [0212.335] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea2c2dbe, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xea2c2dbe, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xea2c2dbe, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x438, dwReserved0=0x0, dwReserved1=0x0, cFileName="167VqDu0.lnk", cAlternateFileName="")) returned 1 [0212.335] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3201206, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x60dbe76, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x60dbe76, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x498, dwReserved0=0x0, dwReserved1=0x0, cFileName="2sJQfwB3SA1-aIl-.lnk", cAlternateFileName="2SJQFW~1.LNK")) returned 1 [0212.335] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf920a32a, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf920a32a, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf920a32a, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x46e, dwReserved0=0x0, dwReserved1=0x0, cFileName="3bJ1.lnk", cAlternateFileName="")) returned 1 [0212.335] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf52a3b29, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf52c903b, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf52c903b, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="3E8aHN.lnk", cAlternateFileName="")) returned 1 [0212.336] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xffd512f6, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x11ba5b9f, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x11ba5b9f, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="3HUK6hE8Sxy4S31RG.lnk", cAlternateFileName="3HUK6H~1.LNK")) returned 1 [0212.336] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xedfef3c8, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xedfef3c8, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xedfef3c8, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x599, dwReserved0=0x0, dwReserved1=0x0, cFileName="3mZ1.lnk", cAlternateFileName="")) returned 1 [0212.336] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefd2f803, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xefd2f803, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xefd2f803, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x431, dwReserved0=0x0, dwReserved1=0x0, cFileName="3oUk3Xp.lnk", cAlternateFileName="")) returned 1 [0212.336] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaec0b78, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0xaec0b78, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xaec0b78, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x555, dwReserved0=0x0, dwReserved1=0x0, cFileName="3p6 ohHYs9-.csv.lnk", cAlternateFileName="3P6OHH~1.LNK")) returned 1 [0212.336] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xececc585, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xececc585, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xececc585, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x597, dwReserved0=0x0, dwReserved1=0x0, cFileName="3q1llB5Op_QjTca2eDNb.odp.lnk", cAlternateFileName="3Q1LLB~1.LNK")) returned 1 [0212.336] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfab6c925, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xfab6c925, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfab6c925, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x327, dwReserved0=0x0, dwReserved1=0x0, cFileName="3um74xQY2dRtB2 VeQ.lnk", cAlternateFileName="3UM74X~1.LNK")) returned 1 [0212.336] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53bf1f3, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x53bf1f3, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x53bf1f3, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x55f, dwReserved0=0x0, dwReserved1=0x0, cFileName="40MOvGfppj4bDSgoaCIa.lnk", cAlternateFileName="40MOVG~1.LNK")) returned 1 [0212.336] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf89b207f, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xfe9da1b1, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfe9da1b1, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x475, dwReserved0=0x0, dwReserved1=0x0, cFileName="5JVUFsxkO (2).lnk", cAlternateFileName="5JVUFS~2.LNK")) returned 1 [0212.336] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2f9edfa, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf33401ec, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf33401ec, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x475, dwReserved0=0x0, dwReserved1=0x0, cFileName="5JVUFsxkO.lnk", cAlternateFileName="5JVUFS~1.LNK")) returned 1 [0212.336] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc8ffcc1, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xdc8ffcc1, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xdc8ffcc1, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x488, dwReserved0=0x0, dwReserved1=0x0, cFileName="61De8WLPska01oVom.lnk", cAlternateFileName="61DE8W~1.LNK")) returned 1 [0212.336] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f26ffa, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x7f26ffa, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x7f26ffa, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x4c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="6zSAXoBMshJ arRcZrD.lnk", cAlternateFileName="6ZSAXO~1.LNK")) returned 1 [0212.336] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb502cfb, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0xb502cfb, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xb502cfb, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x546, dwReserved0=0x0, dwReserved1=0x0, cFileName="7AZ xi 6.odp.lnk", cAlternateFileName="7AZXI6~1.LNK")) returned 1 [0212.337] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea8dec8a, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xea8dec8a, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xea8dec8a, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x400, dwReserved0=0x0, dwReserved1=0x0, cFileName="7QSM7Bo389nPLE.lnk", cAlternateFileName="7QSM7B~1.LNK")) returned 1 [0212.337] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48b317b0, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0xfdbb4435, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfdbb4435, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x411, dwReserved0=0x0, dwReserved1=0x0, cFileName="8gTJ48.lnk", cAlternateFileName="")) returned 1 [0212.337] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd83ace5, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xdd8d341a, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xdd8d341a, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="9bAP9Uzx.lnk", cAlternateFileName="")) returned 1 [0212.337] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf78c8ab3, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf78c8ab3, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf78c8ab3, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x28c, dwReserved0=0x0, dwReserved1=0x0, cFileName="aejUOooWI.lnk", cAlternateFileName="AEJUOO~1.LNK")) returned 1 [0212.337] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x40eff4d7, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0xf227a034, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf227a034, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x49c, dwReserved0=0x0, dwReserved1=0x0, cFileName="AI-BTkK-C.lnk", cAlternateFileName="AI-BTK~1.LNK")) returned 1 [0212.337] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x699732b, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x699732b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x699732b, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="amGLU92hTOyVS.pptx.lnk", cAlternateFileName="AMGLU9~1.LNK")) returned 1 [0212.337] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8cdb7d4, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xe8d01ec5, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe8d01ec5, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x409, dwReserved0=0x0, dwReserved1=0x0, cFileName="aqmU9TUpYSVIUMRXMae4.lnk", cAlternateFileName="AQMU9T~1.LNK")) returned 1 [0212.337] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec68ac10, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xec68ac10, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xec68ac10, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x53a, dwReserved0=0x0, dwReserved1=0x0, cFileName="aucpxM.lnk", cAlternateFileName="")) returned 1 [0212.337] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x67aca2eb, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x2d600fdd, ftLastAccessTime.dwHighDateTime=0x1d942a1, ftLastWriteTime.dwLowDateTime=0x2d600fdd, ftLastWriteTime.dwHighDateTime=0x1d942a1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AutomaticDestinations", cAlternateFileName="AUTOMA~1")) returned 1 [0212.337] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7d607a3, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf7d607a3, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf7d607a3, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3e7, dwReserved0=0x0, dwReserved1=0x0, cFileName="AwXZ4sgzr.ots.lnk", cAlternateFileName="AWXZ4S~1.LNK")) returned 1 [0212.337] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ae60d1, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x5ae60d1, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x5ae60d1, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x42c, dwReserved0=0x0, dwReserved1=0x0, cFileName="aXS6vb.lnk", cAlternateFileName="")) returned 1 [0212.337] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf8f3551a, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf8f3551a, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf8f3551a, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x2b9, dwReserved0=0x0, dwReserved1=0x0, cFileName="A_VTOyBLcz6NRbG97.xlsx.lnk", cAlternateFileName="A_VTOY~1.LNK")) returned 1 [0212.338] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfded34e0, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xfded34e0, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfded34e0, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3ff, dwReserved0=0x0, dwReserved1=0x0, cFileName="b GzxP7sA1S-0PBuwA.xlsx.lnk", cAlternateFileName="BGZXP7~1.LNK")) returned 1 [0212.338] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11a749bf, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x11a749bf, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x11a749bf, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x48d, dwReserved0=0x0, dwReserved1=0x0, cFileName="bBT-MFL3sFb3zx-FPOy.lnk", cAlternateFileName="BBT-MF~1.LNK")) returned 1 [0212.338] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xedb2a859, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xedb2a859, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xedb2a859, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x42c, dwReserved0=0x0, dwReserved1=0x0, cFileName="BG-3Ru.lnk", cAlternateFileName="")) returned 1 [0212.338] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdea43feb, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x5b32437, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x5b32437, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x365, dwReserved0=0x0, dwReserved1=0x0, cFileName="BlfnUP.lnk", cAlternateFileName="")) returned 1 [0212.338] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecf18828, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf0db9b27, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf0db9b27, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x44a, dwReserved0=0x0, dwReserved1=0x0, cFileName="BmJalddlQRnVT8k_d-q.lnk", cAlternateFileName="BMJALD~1.LNK")) returned 1 [0212.338] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f2e489, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x1f2e489, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x1f2e489, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="bxOJ-KchVEH.lnk", cAlternateFileName="BXOJ-K~1.LNK")) returned 1 [0212.338] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf40cf840, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf40cf840, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf40cf840, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x555, dwReserved0=0x0, dwReserved1=0x0, cFileName="Chkad3-ROtdrHsoCUX.lnk", cAlternateFileName="CHKAD3~1.LNK")) returned 1 [0212.338] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd6eee52, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xfd6eee52, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfd6eee52, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x404, dwReserved0=0x0, dwReserved1=0x0, cFileName="CIdAi4WoBaReZGuNW3Z.xlsx.lnk", cAlternateFileName="CIDAI4~1.LNK")) returned 1 [0212.338] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xffb615da, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xffb615da, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xffb615da, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x6ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="CNhSRq_988nVmcAoKs I.lnk", cAlternateFileName="CNHSRQ~1.LNK")) returned 1 [0212.338] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x398b8a7, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x8f63f2e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x8f63f2e, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x2c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Common Files.lnk", cAlternateFileName="COMMON~1.LNK")) returned 1 [0212.338] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6cb6a1a, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf6cb6a1a, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf6cb6a1a, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x28c, dwReserved0=0x0, dwReserved1=0x0, cFileName="CPtLqFgr7.lnk", cAlternateFileName="CPTLQF~1.LNK")) returned 1 [0212.338] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x256d8a2, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x256d8a2, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x256d8a2, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="CSRpjbn.lnk", cAlternateFileName="")) returned 1 [0212.339] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4250d260, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0xba3a1fd, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xba3a1fd, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x352, dwReserved0=0x0, dwReserved1=0x0, cFileName="cUOFj.lnk", cAlternateFileName="")) returned 1 [0212.339] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x67baf1ab, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xf4762aa1, ftLastAccessTime.dwHighDateTime=0x1d95650, ftLastWriteTime.dwLowDateTime=0xf4762aa1, ftLastWriteTime.dwHighDateTime=0x1d95650, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CustomDestinations", cAlternateFileName="CUSTOM~1")) returned 1 [0212.339] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x423431b, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x423431b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x423431b, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="CxX 3.lnk", cAlternateFileName="CXX3~1.LNK")) returned 1 [0212.339] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x490644ae, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0xf0076b48, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf0076b48, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3fb, dwReserved0=0x0, dwReserved1=0x0, cFileName="cYW1VXatB-JI8vQr.lnk", cAlternateFileName="CYW1VX~1.LNK")) returned 1 [0212.339] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5c742b0, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xe5c742b0, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe5c742b0, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x467, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dbg3Ddy9SSgsZKwE.doc.lnk", cAlternateFileName="DBG3DD~1.LNK")) returned 1 [0212.339] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x51da7a91, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd617334b, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x51dcdf1c, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x1b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.339] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe225437a, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xe225437a, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe225437a, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3db, dwReserved0=0x0, dwReserved1=0x0, cFileName="DMLxoOU.lnk", cAlternateFileName="")) returned 1 [0212.339] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee5e5057, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xbb44fb7, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xbb44fb7, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x498, dwReserved0=0x0, dwReserved1=0x0, cFileName="dvC8ktwxOFj7.lnk", cAlternateFileName="DVC8KT~1.LNK")) returned 1 [0212.339] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7785d3d, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xd7785d3d, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xd7785d3d, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="dy8.lnk", cAlternateFileName="")) returned 1 [0212.339] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf19f1dc8, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf19f1dc8, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf19f1dc8, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x46a, dwReserved0=0x0, dwReserved1=0x0, cFileName="e95MKF1cwUHr.lnk", cAlternateFileName="E95MKF~1.LNK")) returned 1 [0212.339] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51dce234, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x51dce234, ftLastAccessTime.dwHighDateTime=0x1d9b560, ftLastWriteTime.dwLowDateTime=0x51dce234, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x483, dwReserved0=0x0, dwReserved1=0x0, cFileName="EgF5qYYsDP3TXhIOn.pps.lnk", cAlternateFileName="EGF5QY~1.LNK")) returned 1 [0212.339] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x987ad55, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x987ad55, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x987ad55, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x400, dwReserved0=0x0, dwReserved1=0x0, cFileName="EIweEXdtYapI-M.doc.lnk", cAlternateFileName="EIWEEX~1.LNK")) returned 1 [0212.340] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe20b0c09, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xe20b0c09, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe20b0c09, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x2af, dwReserved0=0x0, dwReserved1=0x0, cFileName="eM1JFyu4JyX_V Ar.doc.lnk", cAlternateFileName="EM1JFY~1.LNK")) returned 1 [0212.340] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe9a6a720, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xe9a6a720, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe9a6a720, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x304, dwReserved0=0x0, dwReserved1=0x0, cFileName="eTG7NzXPZhX.lnk", cAlternateFileName="ETG7NZ~1.LNK")) returned 1 [0212.340] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe44c7c7b, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xe44c7c7b, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe44c7c7b, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x53e, dwReserved0=0x0, dwReserved1=0x0, cFileName="EVZV9g78HF1 1b20ex.lnk", cAlternateFileName="EVZV9G~1.LNK")) returned 1 [0212.340] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcf09424, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xfcf09424, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfcf09424, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="e_2t.lnk", cAlternateFileName="")) returned 1 [0212.340] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfed478bb, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xfed478bb, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfed478bb, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x55f, dwReserved0=0x0, dwReserved1=0x0, cFileName="F5J9i2mP6f7Fg yEKZw4.lnk", cAlternateFileName="F5J9I2~1.LNK")) returned 1 [0212.340] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4126c5f9, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0xfbbd0e8f, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfbbd0e8f, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x409, dwReserved0=0x0, dwReserved1=0x0, cFileName="fabE6LAM6xEtP.lnk", cAlternateFileName="FABE6L~1.LNK")) returned 1 [0212.340] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xebc429d0, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xebc429d0, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xebc429d0, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x4a2, dwReserved0=0x0, dwReserved1=0x0, cFileName="fenqGAG3YChp.lnk", cAlternateFileName="FENQGA~1.LNK")) returned 1 [0212.340] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d1b904, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x9d1b904, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x9d1b904, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="FHPuaK.lnk", cAlternateFileName="")) returned 1 [0212.340] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe85c8c8, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xfe85c8c8, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfe85c8c8, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x41e, dwReserved0=0x0, dwReserved1=0x0, cFileName="fKIJsgucmnFedTn EAkl.lnk", cAlternateFileName="FKIJSG~1.LNK")) returned 1 [0212.340] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x572c94e, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x572c94e, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x572c94e, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3ff, dwReserved0=0x0, dwReserved1=0x0, cFileName="GC 5fQQJc4NHBM7mhV.lnk", cAlternateFileName="GC5FQQ~1.LNK")) returned 1 [0212.340] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4845c4b, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x4845c4b, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x4845c4b, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x409, dwReserved0=0x0, dwReserved1=0x0, cFileName="GDLIsvWIqGajKiRN9dGO.pptx.lnk", cAlternateFileName="GDLISV~1.LNK")) returned 1 [0212.340] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf328152d, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf328152d, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf328152d, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x505, dwReserved0=0x0, dwReserved1=0x0, cFileName="gDn4S0f.ppt.lnk", cAlternateFileName="GDN4S0~1.LNK")) returned 1 [0212.340] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c2b1db, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x7c2b1db, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x7c2b1db, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3f0, dwReserved0=0x0, dwReserved1=0x0, cFileName="gmIBz_0QcERv2HE.lnk", cAlternateFileName="GMIBZ_~1.LNK")) returned 1 [0212.340] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xebcb4d79, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x7f9eeac, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x7f9eeac, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x3a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="gMmQ7sMpVxP4WwXZrp.lnk", cAlternateFileName="GMMQ7S~1.LNK")) returned 1 [0212.341] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe27fdc41, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xe27fdc41, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe27fdc41, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x692, dwReserved0=0x0, dwReserved1=0x0, cFileName="goujVTDJ1s18.lnk", cAlternateFileName="GOUJVT~1.LNK")) returned 1 [0212.341] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf683e33f, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf683e33f, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf683e33f, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="hIUicmYfr BOKO-G7dUP.flv.lnk", cAlternateFileName="HIUICM~1.LNK")) returned 1 [0212.341] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf5be03d4, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf5be03d4, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf5be03d4, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x3ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="HP_ON6wZYt.lnk", cAlternateFileName="HP_ON6~1.LNK")) returned 1 [0212.341] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2063d12, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf2063d12, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf2063d12, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x482, dwReserved0=0x0, dwReserved1=0x0, cFileName="I-byl6.lnk", cAlternateFileName="")) returned 1 [0212.341] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeaf6d491, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xeaf6d491, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xeaf6d491, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x5e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="ikU4Z6NJTIS4CI7XUt.lnk", cAlternateFileName="IKU4Z6~1.LNK")) returned 1 [0212.341] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe284a543, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0x8699296, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x8699296, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x543, dwReserved0=0x0, dwReserved1=0x0, cFileName="J7Kz7aXvYKxh-WWyGI.lnk", cAlternateFileName="J7KZ7A~1.LNK")) returned 1 [0212.341] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf87336b7, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf87336b7, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf87336b7, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x400, dwReserved0=0x0, dwReserved1=0x0, cFileName="Jfz.flv.lnk", cAlternateFileName="JFZFLV~1.LNK")) returned 1 [0212.341] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5003e830, ftCreationTime.dwHighDateTime=0x1d9b560, ftLastAccessTime.dwLowDateTime=0x5003e830, ftLastAccessTime.dwHighDateTime=0x1d9b560, ftLastWriteTime.dwLowDateTime=0x5003e830, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x2be, dwReserved0=0x0, dwReserved1=0x0, cFileName="JXeScA2ioPeBdV4Lv_Z.lnk", cAlternateFileName="JXESCA~1.LNK")) returned 1 [0212.341] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x864cbfb, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x864cbfb, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x864cbfb, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x6b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="JxmR6v_b0d1c1TOkKn.lnk", cAlternateFileName="JXMR6V~1.LNK")) returned 1 [0212.341] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c523eb, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf9c523eb, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf9c523eb, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x4d1, dwReserved0=0x0, dwReserved1=0x0, cFileName="jZACGvj_jUniQbGydKt.xlsx.lnk", cAlternateFileName="JZACGV~1.LNK")) returned 1 [0212.341] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5ce6b4e, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xf8842eb8, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xf8842eb8, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x36a, dwReserved0=0x0, dwReserved1=0x0, cFileName="kQnIf5.lnk", cAlternateFileName="")) returned 1 [0212.341] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb37d51, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xfbb37d51, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfbb37d51, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x51e, dwReserved0=0x0, dwReserved1=0x0, cFileName="KrCIJZxudvtCeY.doc.lnk", cAlternateFileName="KRCIJZ~1.LNK")) returned 1 [0212.341] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x962f62, ftCreationTime.dwHighDateTime=0x1da1c12, ftLastAccessTime.dwLowDateTime=0x962f62, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x962f62, ftLastWriteTime.dwHighDateTime=0x1da1c12, nFileSizeHigh=0x0, nFileSizeLow=0x43e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kx8A.lnk", cAlternateFileName="")) returned 1 [0212.344] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations", nBufferLength=0x105, lpBuffer=0x1abce530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations", lpFilePart=0x0) returned 0x51 [0212.345] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\*.*"), lpFindFileData=0x1abce830 | out: lpFindFileData=0x1abce830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x67aca2eb, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x2d600fdd, ftLastAccessTime.dwHighDateTime=0x1d942a1, ftLastWriteTime.dwLowDateTime=0x3b1406a6, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601960 [0212.346] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations", nBufferLength=0x105, lpBuffer=0x1abce530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations", lpFilePart=0x0) returned 0x51 [0212.347] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\*"), lpFindFileData=0x1abce830 | out: lpFindFileData=0x1abce830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x67aca2eb, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12f2b277, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x3b1406a6, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600d60 [0212.347] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations", nBufferLength=0x105, lpBuffer=0x1abce530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations", lpFilePart=0x0) returned 0x4e [0212.348] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\*.*"), lpFindFileData=0x1abce830 | out: lpFindFileData=0x1abce830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x67baf1ab, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xf4762aa1, ftLastAccessTime.dwHighDateTime=0x1d95650, ftLastWriteTime.dwLowDateTime=0xf4762aa1, ftLastWriteTime.dwHighDateTime=0x1d95650, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601a20 [0212.354] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\*"), lpFindFileData=0x1abce830 | out: lpFindFileData=0x1abce830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x67baf1ab, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12f511cf, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xf4762aa1, ftLastWriteTime.dwHighDateTime=0x1d95650, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0212.356] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\sendto\\*.*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xdc49c712, ftLastAccessTime.dwHighDateTime=0x1d94211, ftLastWriteTime.dwLowDateTime=0xdc49c712, ftLastWriteTime.dwHighDateTime=0x1d94211, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601600 [0212.361] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\sendto\\*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12f511cf, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xdc49c712, ftLastWriteTime.dwHighDateTime=0x1d94211, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601600 [0212.364] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\*.*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x9ac223c7, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x51b91c42, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601780 [0212.365] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12f511cf, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x51b91c42, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0212.365] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\*.*"), lpFindFileData=0x1abce830 | out: lpFindFileData=0x1abce830*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x9ac223c7, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x52b06bcb, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601900 [0212.367] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\*"), lpFindFileData=0x1abce830 | out: lpFindFileData=0x1abce830*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12f775c5, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x52b06bcb, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6012a0 [0212.368] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\*.*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x96bd0a6f, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x402fe65a, ftLastWriteTime.dwHighDateTime=0x1d61756, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601060 [0212.369] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12f775c5, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x402fe65a, ftLastWriteTime.dwHighDateTime=0x1d61756, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.371] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\*.*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x96bd0a6f, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x4eca14e5, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.371] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12f775c5, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x4eca14e5, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0212.372] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\*.*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51f97c1c, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x96bd0a6f, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x51fbde79, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.372] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce718) returned 1 [0212.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce968) returned 1 [0212.373] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abce988) returned 1 [0212.373] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51f97c1c, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12f775c5, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x51fbde79, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce688) returned 1 [0212.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce8a8) returned 1 [0212.373] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abce988) returned 1 [0212.374] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\*.*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x9034fb3f, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0xc9b733fd, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6017e0 [0212.374] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce718) returned 1 [0212.374] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce968) returned 1 [0212.374] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abce988) returned 1 [0212.375] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12f775c5, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc9b733fd, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce688) returned 1 [0212.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce8a8) returned 1 [0212.375] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abce988) returned 1 [0212.376] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\*.*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51f7172e, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x9ac223c7, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x51f97c1c, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601a20 [0212.376] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce718) returned 1 [0212.376] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce968) returned 1 [0212.376] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abce988) returned 1 [0212.376] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51f7172e, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12f775c5, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x51f97c1c, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0212.377] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce688) returned 1 [0212.377] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce8a8) returned 1 [0212.377] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abce988) returned 1 [0212.377] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\*.*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x96bd0a6f, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0xc9b733fd, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601060 [0212.378] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce718) returned 1 [0212.378] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce968) returned 1 [0212.378] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abce988) returned 1 [0212.379] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12f775c5, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc9b733fd, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601060 [0212.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce688) returned 1 [0212.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce8a8) returned 1 [0212.379] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abce988) returned 1 [0212.379] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\windows powershell\\*.*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x9034fb3f, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0xb96059c, ftLastWriteTime.dwHighDateTime=0x1d5ace1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.380] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce718) returned 1 [0212.380] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce968) returned 1 [0212.380] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abce988) returned 1 [0212.380] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\windows powershell\\*"), lpFindFileData=0x1abce730 | out: lpFindFileData=0x1abce730*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12f775c5, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xb96059c, ftLastWriteTime.dwHighDateTime=0x1d5ace1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601960 [0212.380] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce688) returned 1 [0212.380] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce8a8) returned 1 [0212.380] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.381] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\themes\\*.*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69824f9e, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x8ee00985, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x69da87ea, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600d60 [0212.382] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce918) returned 1 [0212.382] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb68) returned 1 [0212.382] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.383] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\themes\\*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69824f9e, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12f9e794, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x69da87ea, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601a20 [0212.383] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce888) returned 1 [0212.384] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceaa8) returned 1 [0212.384] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcea88) returned 1 [0212.384] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\*.*"), lpFindFileData=0x1abce830 | out: lpFindFileData=0x1abce830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69da87ea, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x8ef57fd2, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x6dd6f5e8, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0212.384] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce818) returned 1 [0212.384] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea68) returned 1 [0212.384] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcea88) returned 1 [0212.385] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\*"), lpFindFileData=0x1abce830 | out: lpFindFileData=0x1abce830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69da87ea, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12f9e794, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x6dd6f5e8, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601600 [0212.385] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce788) returned 1 [0212.385] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce9a8) returned 1 [0212.385] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0212.385] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Sun\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\sun\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa976d6c8, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0xa976d6c8, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xa976d6c8, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601600 [0212.386] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb18) returned 1 [0212.386] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced68) returned 1 [0212.386] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0212.386] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Sun\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\sun\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa976d6c8, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x12f9e794, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xa976d6c8, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601780 [0212.386] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea88) returned 1 [0212.386] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceca8) returned 1 [0212.386] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.387] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Sun\\Java\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\sun\\java\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa976d6c8, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0xa976d6c8, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xa976d6c8, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.387] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0212.387] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0212.387] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.388] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Sun\\Java\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\sun\\java\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa976d6c8, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x12f9e794, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xa976d6c8, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.388] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0212.388] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0212.388] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.389] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Sun\\Java\\Deployment\\*.*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\sun\\java\\deployment\\*.*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa976d6c8, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0xa976d6c8, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0xa976d6c8, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0212.389] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce918) returned 1 [0212.389] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb68) returned 1 [0212.389] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.390] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\Sun\\Java\\Deployment\\*" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\sun\\java\\deployment\\*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa976d6c8, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x12f9e794, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xa976d6c8, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601600 [0212.390] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce888) returned 1 [0212.390] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceaa8) returned 1 [0212.390] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.390] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Application Data\\*.*" (normalized: "c:\\users\\oqxzraykm\\application data\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0212.391] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec58) returned 1 [0212.395] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.396] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Contacts", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Contacts", lpFilePart=0x0) returned 0x1b [0212.396] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Contacts\\*.*" (normalized: "c:\\users\\oqxzraykm\\contacts\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51af929e, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x51b1f549, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x51b1f549, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0212.397] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51af929e, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x51b1f549, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x51b1f549, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.399] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x51b1f549, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x99745a30, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x51b1f549, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.401] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.401] FindClose (in: hFindFile=0x601360 | out: hFindFile=0x601360) returned 1 [0212.401] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.401] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.401] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.401] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Contacts", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Contacts", lpFilePart=0x0) returned 0x1b [0212.402] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Contacts\\*" (normalized: "c:\\users\\oqxzraykm\\contacts\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51af929e, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12fc3d13, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x51b1f549, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600d60 [0212.402] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51af929e, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x12fc3d13, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x51b1f549, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.403] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x51b1f549, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x99745a30, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x51b1f549, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.403] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x51b1f549, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x99745a30, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x51b1f549, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0212.403] FindClose (in: hFindFile=0x600d60 | out: hFindFile=0x600d60) returned 1 [0212.403] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.403] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.403] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.403] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Cookies", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Cookies", lpFilePart=0x0) returned 0x1a [0212.404] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Cookies\\*.*" (normalized: "c:\\users\\oqxzraykm\\cookies\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0212.404] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec58) returned 1 [0212.411] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.411] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop", lpFilePart=0x0) returned 0x1a [0212.412] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\*.*" (normalized: "c:\\users\\oqxzraykm\\desktop\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd54a26de, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xd54a26de, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601000 [0212.434] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd54a26de, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xd54a26de, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.435] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa3339d10, ftCreationTime.dwHighDateTime=0x1d9ace4, ftLastAccessTime.dwLowDateTime=0xe9a908ad, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x19974df0, ftLastWriteTime.dwHighDateTime=0x1d9b4ef, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="-mUkc", cAlternateFileName="")) returned 1 [0212.435] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc703fa10, ftCreationTime.dwHighDateTime=0x1d9b1d4, ftLastAccessTime.dwLowDateTime=0xb5d39860, ftLastAccessTime.dwHighDateTime=0x1d9b3c6, ftLastWriteTime.dwLowDateTime=0xb5d39860, ftLastWriteTime.dwHighDateTime=0x1d9b3c6, nFileSizeHigh=0x0, nFileSizeLow=0xf14c, dwReserved0=0x0, dwReserved1=0x0, cFileName="1S3_F4JMA8KT.swf", cAlternateFileName="1S3_F4~1.SWF")) returned 1 [0212.437] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8556d5d0, ftCreationTime.dwHighDateTime=0x1d9a6f1, ftLastAccessTime.dwLowDateTime=0x330fd200, ftLastAccessTime.dwHighDateTime=0x1d9aace, ftLastWriteTime.dwLowDateTime=0x330fd200, ftLastWriteTime.dwHighDateTime=0x1d9aace, nFileSizeHigh=0x0, nFileSizeLow=0x18ffb, dwReserved0=0x0, dwReserved1=0x0, cFileName="5yYgh5AF 38jq.mkv", cAlternateFileName="5YYGH5~1.MKV")) returned 1 [0212.439] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa9ba0070, ftCreationTime.dwHighDateTime=0x1d9a5a0, ftLastAccessTime.dwLowDateTime=0xde3e1880, ftLastAccessTime.dwHighDateTime=0x1d9b1c7, ftLastWriteTime.dwLowDateTime=0xde3e1880, ftLastWriteTime.dwHighDateTime=0x1d9b1c7, nFileSizeHigh=0x0, nFileSizeLow=0x366d, dwReserved0=0x0, dwReserved1=0x0, cFileName="9AS0zmhI1IuF3gKIE7k.mp4", cAlternateFileName="9AS0ZM~1.MP4")) returned 1 [0212.441] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x39f4a2a0, ftCreationTime.dwHighDateTime=0x1d9ab99, ftLastAccessTime.dwLowDateTime=0x6262aa00, ftLastAccessTime.dwHighDateTime=0x1d9ae20, ftLastWriteTime.dwLowDateTime=0x6262aa00, ftLastWriteTime.dwHighDateTime=0x1d9ae20, nFileSizeHigh=0x0, nFileSizeLow=0x73d9, dwReserved0=0x0, dwReserved1=0x0, cFileName="aejUOooWI.png", cAlternateFileName="AEJUOO~1.PNG")) returned 1 [0212.442] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d26b690, ftCreationTime.dwHighDateTime=0x1d9a534, ftLastAccessTime.dwLowDateTime=0xc069e9c0, ftLastAccessTime.dwHighDateTime=0x1d9b027, ftLastWriteTime.dwLowDateTime=0xc069e9c0, ftLastWriteTime.dwHighDateTime=0x1d9b027, nFileSizeHigh=0x0, nFileSizeLow=0x614e, dwReserved0=0x0, dwReserved1=0x0, cFileName="A_VTOyBLcz6NRbG97.xlsx", cAlternateFileName="A_VTOY~1.XLS")) returned 1 [0212.442] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a5617e0, ftCreationTime.dwHighDateTime=0x1d9b4a5, ftLastAccessTime.dwLowDateTime=0xabc87430, ftLastAccessTime.dwHighDateTime=0x1d9b4ed, ftLastWriteTime.dwLowDateTime=0xabc87430, ftLastWriteTime.dwHighDateTime=0x1d9b4ed, nFileSizeHigh=0x0, nFileSizeLow=0x18238, dwReserved0=0x0, dwReserved1=0x0, cFileName="BNSFmaE-MgKlgnC6ST.m4a", cAlternateFileName="BNSFMA~1.M4A")) returned 1 [0212.450] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6863f2e0, ftCreationTime.dwHighDateTime=0x1d9a4ef, ftLastAccessTime.dwLowDateTime=0x1f976010, ftLastAccessTime.dwHighDateTime=0x1d9ac47, ftLastWriteTime.dwLowDateTime=0x1f976010, ftLastWriteTime.dwHighDateTime=0x1d9ac47, nFileSizeHigh=0x0, nFileSizeLow=0xb44, dwReserved0=0x0, dwReserved1=0x0, cFileName="CPtLqFgr7.odt", cAlternateFileName="CPTLQF~1.ODT")) returned 1 [0212.451] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x51af929e, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd69f12d9, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x51af929e, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.452] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x764ad680, ftCreationTime.dwHighDateTime=0x1d9a9ae, ftLastAccessTime.dwLowDateTime=0x7ceca010, ftLastAccessTime.dwHighDateTime=0x1d9b01e, ftLastWriteTime.dwLowDateTime=0x7ceca010, ftLastWriteTime.dwHighDateTime=0x1d9b01e, nFileSizeHigh=0x0, nFileSizeLow=0x1fa7, dwReserved0=0x0, dwReserved1=0x0, cFileName="dvdOIkC0KLuIwGbejstR.mkv", cAlternateFileName="DVDOIK~1.MKV")) returned 1 [0212.454] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe7909c40, ftCreationTime.dwHighDateTime=0x1d9b32b, ftLastAccessTime.dwLowDateTime=0x4cfca410, ftLastAccessTime.dwHighDateTime=0x1d9b427, ftLastWriteTime.dwLowDateTime=0x4cfca410, ftLastWriteTime.dwHighDateTime=0x1d9b427, nFileSizeHigh=0x0, nFileSizeLow=0x41de, dwReserved0=0x0, dwReserved1=0x0, cFileName="eM1JFyu4JyX_V Ar.doc", cAlternateFileName="EM1JFY~1.DOC")) returned 1 [0212.454] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91fab780, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xb765488, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x66c29900, ftLastWriteTime.dwHighDateTime=0x1da1c0e, nFileSizeHigh=0x0, nFileSizeLow=0x6a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", cAlternateFileName="FD32CE~1.EXE")) returned 1 [0212.454] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5f7b110, ftCreationTime.dwHighDateTime=0x1d9ac6c, ftLastAccessTime.dwLowDateTime=0x5f4eda60, ftLastAccessTime.dwHighDateTime=0x1d9afcd, ftLastWriteTime.dwLowDateTime=0x5f4eda60, ftLastWriteTime.dwHighDateTime=0x1d9afcd, nFileSizeHigh=0x0, nFileSizeLow=0x188fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="F_iFZckqLGn.swf", cAlternateFileName="F_IFZC~1.SWF")) returned 1 [0212.454] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef1051b0, ftCreationTime.dwHighDateTime=0x1d9af32, ftLastAccessTime.dwLowDateTime=0x289c1060, ftLastAccessTime.dwHighDateTime=0x1d9b49a, ftLastWriteTime.dwLowDateTime=0x289c1060, ftLastWriteTime.dwHighDateTime=0x1d9b49a, nFileSizeHigh=0x0, nFileSizeLow=0x122c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="ib1VJL sy6GkBvVZ_Be.odp", cAlternateFileName="IB1VJL~1.ODP")) returned 1 [0212.454] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf22e0de0, ftCreationTime.dwHighDateTime=0x1d9b11e, ftLastAccessTime.dwLowDateTime=0xfbaf6e40, ftLastAccessTime.dwHighDateTime=0x1d9b1dc, ftLastWriteTime.dwLowDateTime=0xfbaf6e40, ftLastWriteTime.dwHighDateTime=0x1d9b1dc, nFileSizeHigh=0x0, nFileSizeLow=0x12a8a, dwReserved0=0x0, dwReserved1=0x0, cFileName="IPpjwlU_.swf", cAlternateFileName="")) returned 1 [0212.454] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x641f7580, ftCreationTime.dwHighDateTime=0x1d9b410, ftLastAccessTime.dwLowDateTime=0xad00ea10, ftLastAccessTime.dwHighDateTime=0x1d9b472, ftLastWriteTime.dwLowDateTime=0xad00ea10, ftLastWriteTime.dwHighDateTime=0x1d9b472, nFileSizeHigh=0x0, nFileSizeLow=0x98ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="JXeScA2ioPeBdV4Lv_Z.png", cAlternateFileName="JXESCA~1.PNG")) returned 1 [0212.455] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x68052860, ftCreationTime.dwHighDateTime=0x1d9adb3, ftLastAccessTime.dwLowDateTime=0x64b8a6c0, ftLastAccessTime.dwHighDateTime=0x1d9b077, ftLastWriteTime.dwLowDateTime=0x64b8a6c0, ftLastWriteTime.dwHighDateTime=0x1d9b077, nFileSizeHigh=0x0, nFileSizeLow=0x11ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="kJxyHJTcJmHZA00.mp4", cAlternateFileName="KJXYHJ~1.MP4")) returned 1 [0212.455] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4133ff0, ftCreationTime.dwHighDateTime=0x1d9ad11, ftLastAccessTime.dwLowDateTime=0x714e0e80, ftLastAccessTime.dwHighDateTime=0x1d9adbf, ftLastWriteTime.dwLowDateTime=0x714e0e80, ftLastWriteTime.dwHighDateTime=0x1d9adbf, nFileSizeHigh=0x0, nFileSizeLow=0x6cc3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Lbu2bszKr4MYb Hu3At.mkv", cAlternateFileName="LBU2BS~1.MKV")) returned 1 [0212.455] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x84daef60, ftCreationTime.dwHighDateTime=0x1d9a7ff, ftLastAccessTime.dwLowDateTime=0x4a814ce0, ftLastAccessTime.dwHighDateTime=0x1d9b300, ftLastWriteTime.dwLowDateTime=0x4a814ce0, ftLastWriteTime.dwHighDateTime=0x1d9b300, nFileSizeHigh=0x0, nFileSizeLow=0xd1d3, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsiukubKPX7Y9nh3c.m4a", cAlternateFileName="MSIUKU~1.M4A")) returned 1 [0212.455] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89d31e10, ftCreationTime.dwHighDateTime=0x1d9a981, ftLastAccessTime.dwLowDateTime=0x3058570, ftLastAccessTime.dwHighDateTime=0x1d9afc2, ftLastWriteTime.dwLowDateTime=0x3058570, ftLastWriteTime.dwHighDateTime=0x1d9afc2, nFileSizeHigh=0x0, nFileSizeLow=0x17f67, dwReserved0=0x0, dwReserved1=0x0, cFileName="N8uzo0.png", cAlternateFileName="")) returned 1 [0212.455] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x322be840, ftCreationTime.dwHighDateTime=0x1d9a9ea, ftLastAccessTime.dwLowDateTime=0x8607dd30, ftLastAccessTime.dwHighDateTime=0x1d9af7f, ftLastWriteTime.dwLowDateTime=0x8607dd30, ftLastWriteTime.dwHighDateTime=0x1d9af7f, nFileSizeHigh=0x0, nFileSizeLow=0xa633, dwReserved0=0x0, dwReserved1=0x0, cFileName="ogw4Mz9WHOq.png", cAlternateFileName="OGW4MZ~1.PNG")) returned 1 [0212.455] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3cc41430, ftCreationTime.dwHighDateTime=0x1d9b219, ftLastAccessTime.dwLowDateTime=0xe85eb390, ftLastAccessTime.dwHighDateTime=0x1d9b2dc, ftLastWriteTime.dwLowDateTime=0xe85eb390, ftLastWriteTime.dwHighDateTime=0x1d9b2dc, nFileSizeHigh=0x0, nFileSizeLow=0x83c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="oxKt_.mp4", cAlternateFileName="")) returned 1 [0212.456] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa554e090, ftCreationTime.dwHighDateTime=0x1d9a76c, ftLastAccessTime.dwLowDateTime=0x7b0cc500, ftLastAccessTime.dwHighDateTime=0x1d9ac17, ftLastWriteTime.dwLowDateTime=0x7b0cc500, ftLastWriteTime.dwHighDateTime=0x1d9ac17, nFileSizeHigh=0x0, nFileSizeLow=0x38e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Q4iEH-Vhpy0WGy2.mp3", cAlternateFileName="Q4IEH-~1.MP3")) returned 1 [0212.456] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c702640, ftCreationTime.dwHighDateTime=0x1d9af44, ftLastAccessTime.dwLowDateTime=0xcfb7e3d0, ftLastAccessTime.dwHighDateTime=0x1d9afca, ftLastWriteTime.dwLowDateTime=0xcfb7e3d0, ftLastWriteTime.dwHighDateTime=0x1d9afca, nFileSizeHigh=0x0, nFileSizeLow=0x1159b, dwReserved0=0x0, dwReserved1=0x0, cFileName="qSnue5HZ7KMDYxfoM1N.avi", cAlternateFileName="QSNUE5~1.AVI")) returned 1 [0212.456] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa131b880, ftCreationTime.dwHighDateTime=0x1d9b248, ftLastAccessTime.dwLowDateTime=0xc74b0bd0, ftLastAccessTime.dwHighDateTime=0x1d9b45e, ftLastWriteTime.dwLowDateTime=0xc74b0bd0, ftLastWriteTime.dwHighDateTime=0x1d9b45e, nFileSizeHigh=0x0, nFileSizeLow=0x1773a, dwReserved0=0x0, dwReserved1=0x0, cFileName="rcF8BmLkT EhTubW.avi", cAlternateFileName="RCF8BM~1.AVI")) returned 1 [0212.456] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b25fc50, ftCreationTime.dwHighDateTime=0x1d9b0b2, ftLastAccessTime.dwLowDateTime=0x5625cfa0, ftLastAccessTime.dwHighDateTime=0x1d9b3a3, ftLastWriteTime.dwLowDateTime=0x5625cfa0, ftLastWriteTime.dwHighDateTime=0x1d9b3a3, nFileSizeHigh=0x0, nFileSizeLow=0x46b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="rkO e6gc.mp4", cAlternateFileName="RKOE6G~1.MP4")) returned 1 [0212.457] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf14a5be0, ftCreationTime.dwHighDateTime=0x1d9b353, ftLastAccessTime.dwLowDateTime=0xec6477c0, ftLastAccessTime.dwHighDateTime=0x1d9b3b5, ftLastWriteTime.dwLowDateTime=0xec6477c0, ftLastWriteTime.dwHighDateTime=0x1d9b3b5, nFileSizeHigh=0x0, nFileSizeLow=0x15ee6, dwReserved0=0x0, dwReserved1=0x0, cFileName="rSXGxtmLV1.gif", cAlternateFileName="RSXGXT~1.GIF")) returned 1 [0212.458] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ae3c80, ftCreationTime.dwHighDateTime=0x1d9aa0a, ftLastAccessTime.dwLowDateTime=0xf2a0a760, ftLastAccessTime.dwHighDateTime=0x1d9aca0, ftLastWriteTime.dwLowDateTime=0xf2a0a760, ftLastWriteTime.dwHighDateTime=0x1d9aca0, nFileSizeHigh=0x0, nFileSizeLow=0x12433, dwReserved0=0x0, dwReserved1=0x0, cFileName="s3mDZhojg.bmp", cAlternateFileName="S3MDZH~1.BMP")) returned 1 [0212.458] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c921290, ftCreationTime.dwHighDateTime=0x1d9a741, ftLastAccessTime.dwLowDateTime=0x4ccace80, ftLastAccessTime.dwHighDateTime=0x1d9b01d, ftLastWriteTime.dwLowDateTime=0x4ccace80, ftLastWriteTime.dwHighDateTime=0x1d9b01d, nFileSizeHigh=0x0, nFileSizeLow=0x9983, dwReserved0=0x0, dwReserved1=0x0, cFileName="sg MXaT5p_6OuAzIkQ9b.odt", cAlternateFileName="SGMXAT~1.ODT")) returned 1 [0212.458] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcde14f40, ftCreationTime.dwHighDateTime=0x1d9b260, ftLastAccessTime.dwLowDateTime=0x311a7690, ftLastAccessTime.dwHighDateTime=0x1d9b4d2, ftLastWriteTime.dwLowDateTime=0x311a7690, ftLastWriteTime.dwHighDateTime=0x1d9b4d2, nFileSizeHigh=0x0, nFileSizeLow=0x9cec, dwReserved0=0x0, dwReserved1=0x0, cFileName="UkJYmBRGn-l6870DyiLq.gif", cAlternateFileName="UKJYMB~1.GIF")) returned 1 [0212.458] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef60fea0, ftCreationTime.dwHighDateTime=0x1d9b133, ftLastAccessTime.dwLowDateTime=0xc32df1c0, ftLastAccessTime.dwHighDateTime=0x1d9b4c7, ftLastWriteTime.dwLowDateTime=0xc32df1c0, ftLastWriteTime.dwHighDateTime=0x1d9b4c7, nFileSizeHigh=0x0, nFileSizeLow=0x1436f, dwReserved0=0x0, dwReserved1=0x0, cFileName="VvJS.odp", cAlternateFileName="")) returned 1 [0212.458] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a6f4ba0, ftCreationTime.dwHighDateTime=0x1d9b45e, ftLastAccessTime.dwLowDateTime=0x84a2f0d0, ftLastAccessTime.dwHighDateTime=0x1d9b473, ftLastWriteTime.dwLowDateTime=0x84a2f0d0, ftLastWriteTime.dwHighDateTime=0x1d9b473, nFileSizeHigh=0x0, nFileSizeLow=0x17f56, dwReserved0=0x0, dwReserved1=0x0, cFileName="w7V8A-uHWT3m-XUwfg56.bmp", cAlternateFileName="W7V8A-~1.BMP")) returned 1 [0212.458] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1aad70, ftCreationTime.dwHighDateTime=0x1d9ae7a, ftLastAccessTime.dwLowDateTime=0x4c4b8110, ftLastAccessTime.dwHighDateTime=0x1d9b1f9, ftLastWriteTime.dwLowDateTime=0x4c4b8110, ftLastWriteTime.dwHighDateTime=0x1d9b1f9, nFileSizeHigh=0x0, nFileSizeLow=0x10102, dwReserved0=0x0, dwReserved1=0x0, cFileName="wFdXt6C3g60.gif", cAlternateFileName="WFDXT6~1.GIF")) returned 1 [0212.458] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbcbfaf90, ftCreationTime.dwHighDateTime=0x1d9a95a, ftLastAccessTime.dwLowDateTime=0x826ecfe0, ftLastAccessTime.dwHighDateTime=0x1d9b30c, ftLastWriteTime.dwLowDateTime=0x826ecfe0, ftLastWriteTime.dwHighDateTime=0x1d9b30c, nFileSizeHigh=0x0, nFileSizeLow=0x9550, dwReserved0=0x0, dwReserved1=0x0, cFileName="wnd4e.ppt", cAlternateFileName="")) returned 1 [0212.459] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf57c7b0, ftCreationTime.dwHighDateTime=0x1d9a77a, ftLastAccessTime.dwLowDateTime=0x92536720, ftLastAccessTime.dwHighDateTime=0x1d9aeea, ftLastWriteTime.dwLowDateTime=0x92536720, ftLastWriteTime.dwHighDateTime=0x1d9aeea, nFileSizeHigh=0x0, nFileSizeLow=0xb14d, dwReserved0=0x0, dwReserved1=0x0, cFileName="ysmqvE-OXot7GOVrKyVU.avi", cAlternateFileName="YSMQVE~1.AVI")) returned 1 [0212.459] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x546dbc10, ftCreationTime.dwHighDateTime=0x1d9b045, ftLastAccessTime.dwLowDateTime=0x2ecdd430, ftLastAccessTime.dwHighDateTime=0x1d9b4e2, ftLastWriteTime.dwLowDateTime=0x2ecdd430, ftLastWriteTime.dwHighDateTime=0x1d9b4e2, nFileSizeHigh=0x0, nFileSizeLow=0xef22, dwReserved0=0x0, dwReserved1=0x0, cFileName="YyI OhFQiF.wav", cAlternateFileName="YYIOHF~1.WAV")) returned 1 [0212.459] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.459] FindClose (in: hFindFile=0x601000 | out: hFindFile=0x601000) returned 1 [0212.460] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.460] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.461] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.461] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop", lpFilePart=0x0) returned 0x1a [0212.461] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\*" (normalized: "c:\\users\\oqxzraykm\\desktop\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd54a26de, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xd54a26de, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6018a0 [0212.462] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd54a26de, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xd54a26de, ftLastWriteTime.dwHighDateTime=0x1da1c11, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.462] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa3339d10, ftCreationTime.dwHighDateTime=0x1d9ace4, ftLastAccessTime.dwLowDateTime=0xe9a908ad, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x19974df0, ftLastWriteTime.dwHighDateTime=0x1d9b4ef, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="-mUkc", cAlternateFileName="")) returned 1 [0212.462] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc703fa10, ftCreationTime.dwHighDateTime=0x1d9b1d4, ftLastAccessTime.dwLowDateTime=0xb5d39860, ftLastAccessTime.dwHighDateTime=0x1d9b3c6, ftLastWriteTime.dwLowDateTime=0xb5d39860, ftLastWriteTime.dwHighDateTime=0x1d9b3c6, nFileSizeHigh=0x0, nFileSizeLow=0xf14c, dwReserved0=0x0, dwReserved1=0x0, cFileName="1S3_F4JMA8KT.swf", cAlternateFileName="1S3_F4~1.SWF")) returned 1 [0212.462] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8556d5d0, ftCreationTime.dwHighDateTime=0x1d9a6f1, ftLastAccessTime.dwLowDateTime=0x330fd200, ftLastAccessTime.dwHighDateTime=0x1d9aace, ftLastWriteTime.dwLowDateTime=0x330fd200, ftLastWriteTime.dwHighDateTime=0x1d9aace, nFileSizeHigh=0x0, nFileSizeLow=0x18ffb, dwReserved0=0x0, dwReserved1=0x0, cFileName="5yYgh5AF 38jq.mkv", cAlternateFileName="5YYGH5~1.MKV")) returned 1 [0212.462] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa9ba0070, ftCreationTime.dwHighDateTime=0x1d9a5a0, ftLastAccessTime.dwLowDateTime=0xde3e1880, ftLastAccessTime.dwHighDateTime=0x1d9b1c7, ftLastWriteTime.dwLowDateTime=0xde3e1880, ftLastWriteTime.dwHighDateTime=0x1d9b1c7, nFileSizeHigh=0x0, nFileSizeLow=0x366d, dwReserved0=0x0, dwReserved1=0x0, cFileName="9AS0zmhI1IuF3gKIE7k.mp4", cAlternateFileName="9AS0ZM~1.MP4")) returned 1 [0212.462] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x39f4a2a0, ftCreationTime.dwHighDateTime=0x1d9ab99, ftLastAccessTime.dwLowDateTime=0x6262aa00, ftLastAccessTime.dwHighDateTime=0x1d9ae20, ftLastWriteTime.dwLowDateTime=0x6262aa00, ftLastWriteTime.dwHighDateTime=0x1d9ae20, nFileSizeHigh=0x0, nFileSizeLow=0x73d9, dwReserved0=0x0, dwReserved1=0x0, cFileName="aejUOooWI.png", cAlternateFileName="AEJUOO~1.PNG")) returned 1 [0212.462] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d26b690, ftCreationTime.dwHighDateTime=0x1d9a534, ftLastAccessTime.dwLowDateTime=0xc069e9c0, ftLastAccessTime.dwHighDateTime=0x1d9b027, ftLastWriteTime.dwLowDateTime=0xc069e9c0, ftLastWriteTime.dwHighDateTime=0x1d9b027, nFileSizeHigh=0x0, nFileSizeLow=0x614e, dwReserved0=0x0, dwReserved1=0x0, cFileName="A_VTOyBLcz6NRbG97.xlsx", cAlternateFileName="A_VTOY~1.XLS")) returned 1 [0212.463] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a5617e0, ftCreationTime.dwHighDateTime=0x1d9b4a5, ftLastAccessTime.dwLowDateTime=0xabc87430, ftLastAccessTime.dwHighDateTime=0x1d9b4ed, ftLastWriteTime.dwLowDateTime=0xabc87430, ftLastWriteTime.dwHighDateTime=0x1d9b4ed, nFileSizeHigh=0x0, nFileSizeLow=0x18238, dwReserved0=0x0, dwReserved1=0x0, cFileName="BNSFmaE-MgKlgnC6ST.m4a", cAlternateFileName="BNSFMA~1.M4A")) returned 1 [0212.463] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6863f2e0, ftCreationTime.dwHighDateTime=0x1d9a4ef, ftLastAccessTime.dwLowDateTime=0x1f976010, ftLastAccessTime.dwHighDateTime=0x1d9ac47, ftLastWriteTime.dwLowDateTime=0x1f976010, ftLastWriteTime.dwHighDateTime=0x1d9ac47, nFileSizeHigh=0x0, nFileSizeLow=0xb44, dwReserved0=0x0, dwReserved1=0x0, cFileName="CPtLqFgr7.odt", cAlternateFileName="CPTLQF~1.ODT")) returned 1 [0212.463] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x51af929e, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd69f12d9, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x51af929e, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.463] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x764ad680, ftCreationTime.dwHighDateTime=0x1d9a9ae, ftLastAccessTime.dwLowDateTime=0x7ceca010, ftLastAccessTime.dwHighDateTime=0x1d9b01e, ftLastWriteTime.dwLowDateTime=0x7ceca010, ftLastWriteTime.dwHighDateTime=0x1d9b01e, nFileSizeHigh=0x0, nFileSizeLow=0x1fa7, dwReserved0=0x0, dwReserved1=0x0, cFileName="dvdOIkC0KLuIwGbejstR.mkv", cAlternateFileName="DVDOIK~1.MKV")) returned 1 [0212.463] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe7909c40, ftCreationTime.dwHighDateTime=0x1d9b32b, ftLastAccessTime.dwLowDateTime=0x4cfca410, ftLastAccessTime.dwHighDateTime=0x1d9b427, ftLastWriteTime.dwLowDateTime=0x4cfca410, ftLastWriteTime.dwHighDateTime=0x1d9b427, nFileSizeHigh=0x0, nFileSizeLow=0x41de, dwReserved0=0x0, dwReserved1=0x0, cFileName="eM1JFyu4JyX_V Ar.doc", cAlternateFileName="EM1JFY~1.DOC")) returned 1 [0212.463] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91fab780, ftCreationTime.dwHighDateTime=0x1da1c11, ftLastAccessTime.dwLowDateTime=0xb765488, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x66c29900, ftLastWriteTime.dwHighDateTime=0x1da1c0e, nFileSizeHigh=0x0, nFileSizeLow=0x6a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="fd32cec288cec4f16dc5430cf86dc17e1d4cf941d635979fc17a59c8d6d83d44.exe", cAlternateFileName="FD32CE~1.EXE")) returned 1 [0212.463] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5f7b110, ftCreationTime.dwHighDateTime=0x1d9ac6c, ftLastAccessTime.dwLowDateTime=0x5f4eda60, ftLastAccessTime.dwHighDateTime=0x1d9afcd, ftLastWriteTime.dwLowDateTime=0x5f4eda60, ftLastWriteTime.dwHighDateTime=0x1d9afcd, nFileSizeHigh=0x0, nFileSizeLow=0x188fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="F_iFZckqLGn.swf", cAlternateFileName="F_IFZC~1.SWF")) returned 1 [0212.463] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef1051b0, ftCreationTime.dwHighDateTime=0x1d9af32, ftLastAccessTime.dwLowDateTime=0x289c1060, ftLastAccessTime.dwHighDateTime=0x1d9b49a, ftLastWriteTime.dwLowDateTime=0x289c1060, ftLastWriteTime.dwHighDateTime=0x1d9b49a, nFileSizeHigh=0x0, nFileSizeLow=0x122c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="ib1VJL sy6GkBvVZ_Be.odp", cAlternateFileName="IB1VJL~1.ODP")) returned 1 [0212.463] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf22e0de0, ftCreationTime.dwHighDateTime=0x1d9b11e, ftLastAccessTime.dwLowDateTime=0xfbaf6e40, ftLastAccessTime.dwHighDateTime=0x1d9b1dc, ftLastWriteTime.dwLowDateTime=0xfbaf6e40, ftLastWriteTime.dwHighDateTime=0x1d9b1dc, nFileSizeHigh=0x0, nFileSizeLow=0x12a8a, dwReserved0=0x0, dwReserved1=0x0, cFileName="IPpjwlU_.swf", cAlternateFileName="")) returned 1 [0212.463] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x641f7580, ftCreationTime.dwHighDateTime=0x1d9b410, ftLastAccessTime.dwLowDateTime=0xad00ea10, ftLastAccessTime.dwHighDateTime=0x1d9b472, ftLastWriteTime.dwLowDateTime=0xad00ea10, ftLastWriteTime.dwHighDateTime=0x1d9b472, nFileSizeHigh=0x0, nFileSizeLow=0x98ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="JXeScA2ioPeBdV4Lv_Z.png", cAlternateFileName="JXESCA~1.PNG")) returned 1 [0212.463] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x68052860, ftCreationTime.dwHighDateTime=0x1d9adb3, ftLastAccessTime.dwLowDateTime=0x64b8a6c0, ftLastAccessTime.dwHighDateTime=0x1d9b077, ftLastWriteTime.dwLowDateTime=0x64b8a6c0, ftLastWriteTime.dwHighDateTime=0x1d9b077, nFileSizeHigh=0x0, nFileSizeLow=0x11ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="kJxyHJTcJmHZA00.mp4", cAlternateFileName="KJXYHJ~1.MP4")) returned 1 [0212.463] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4133ff0, ftCreationTime.dwHighDateTime=0x1d9ad11, ftLastAccessTime.dwLowDateTime=0x714e0e80, ftLastAccessTime.dwHighDateTime=0x1d9adbf, ftLastWriteTime.dwLowDateTime=0x714e0e80, ftLastWriteTime.dwHighDateTime=0x1d9adbf, nFileSizeHigh=0x0, nFileSizeLow=0x6cc3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Lbu2bszKr4MYb Hu3At.mkv", cAlternateFileName="LBU2BS~1.MKV")) returned 1 [0212.464] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x84daef60, ftCreationTime.dwHighDateTime=0x1d9a7ff, ftLastAccessTime.dwLowDateTime=0x4a814ce0, ftLastAccessTime.dwHighDateTime=0x1d9b300, ftLastWriteTime.dwLowDateTime=0x4a814ce0, ftLastWriteTime.dwHighDateTime=0x1d9b300, nFileSizeHigh=0x0, nFileSizeLow=0xd1d3, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsiukubKPX7Y9nh3c.m4a", cAlternateFileName="MSIUKU~1.M4A")) returned 1 [0212.464] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89d31e10, ftCreationTime.dwHighDateTime=0x1d9a981, ftLastAccessTime.dwLowDateTime=0x3058570, ftLastAccessTime.dwHighDateTime=0x1d9afc2, ftLastWriteTime.dwLowDateTime=0x3058570, ftLastWriteTime.dwHighDateTime=0x1d9afc2, nFileSizeHigh=0x0, nFileSizeLow=0x17f67, dwReserved0=0x0, dwReserved1=0x0, cFileName="N8uzo0.png", cAlternateFileName="")) returned 1 [0212.464] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x322be840, ftCreationTime.dwHighDateTime=0x1d9a9ea, ftLastAccessTime.dwLowDateTime=0x8607dd30, ftLastAccessTime.dwHighDateTime=0x1d9af7f, ftLastWriteTime.dwLowDateTime=0x8607dd30, ftLastWriteTime.dwHighDateTime=0x1d9af7f, nFileSizeHigh=0x0, nFileSizeLow=0xa633, dwReserved0=0x0, dwReserved1=0x0, cFileName="ogw4Mz9WHOq.png", cAlternateFileName="OGW4MZ~1.PNG")) returned 1 [0212.464] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3cc41430, ftCreationTime.dwHighDateTime=0x1d9b219, ftLastAccessTime.dwLowDateTime=0xe85eb390, ftLastAccessTime.dwHighDateTime=0x1d9b2dc, ftLastWriteTime.dwLowDateTime=0xe85eb390, ftLastWriteTime.dwHighDateTime=0x1d9b2dc, nFileSizeHigh=0x0, nFileSizeLow=0x83c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="oxKt_.mp4", cAlternateFileName="")) returned 1 [0212.464] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa554e090, ftCreationTime.dwHighDateTime=0x1d9a76c, ftLastAccessTime.dwLowDateTime=0x7b0cc500, ftLastAccessTime.dwHighDateTime=0x1d9ac17, ftLastWriteTime.dwLowDateTime=0x7b0cc500, ftLastWriteTime.dwHighDateTime=0x1d9ac17, nFileSizeHigh=0x0, nFileSizeLow=0x38e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Q4iEH-Vhpy0WGy2.mp3", cAlternateFileName="Q4IEH-~1.MP3")) returned 1 [0212.464] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c702640, ftCreationTime.dwHighDateTime=0x1d9af44, ftLastAccessTime.dwLowDateTime=0xcfb7e3d0, ftLastAccessTime.dwHighDateTime=0x1d9afca, ftLastWriteTime.dwLowDateTime=0xcfb7e3d0, ftLastWriteTime.dwHighDateTime=0x1d9afca, nFileSizeHigh=0x0, nFileSizeLow=0x1159b, dwReserved0=0x0, dwReserved1=0x0, cFileName="qSnue5HZ7KMDYxfoM1N.avi", cAlternateFileName="QSNUE5~1.AVI")) returned 1 [0212.464] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa131b880, ftCreationTime.dwHighDateTime=0x1d9b248, ftLastAccessTime.dwLowDateTime=0xc74b0bd0, ftLastAccessTime.dwHighDateTime=0x1d9b45e, ftLastWriteTime.dwLowDateTime=0xc74b0bd0, ftLastWriteTime.dwHighDateTime=0x1d9b45e, nFileSizeHigh=0x0, nFileSizeLow=0x1773a, dwReserved0=0x0, dwReserved1=0x0, cFileName="rcF8BmLkT EhTubW.avi", cAlternateFileName="RCF8BM~1.AVI")) returned 1 [0212.464] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b25fc50, ftCreationTime.dwHighDateTime=0x1d9b0b2, ftLastAccessTime.dwLowDateTime=0x5625cfa0, ftLastAccessTime.dwHighDateTime=0x1d9b3a3, ftLastWriteTime.dwLowDateTime=0x5625cfa0, ftLastWriteTime.dwHighDateTime=0x1d9b3a3, nFileSizeHigh=0x0, nFileSizeLow=0x46b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="rkO e6gc.mp4", cAlternateFileName="RKOE6G~1.MP4")) returned 1 [0212.464] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf14a5be0, ftCreationTime.dwHighDateTime=0x1d9b353, ftLastAccessTime.dwLowDateTime=0xec6477c0, ftLastAccessTime.dwHighDateTime=0x1d9b3b5, ftLastWriteTime.dwLowDateTime=0xec6477c0, ftLastWriteTime.dwHighDateTime=0x1d9b3b5, nFileSizeHigh=0x0, nFileSizeLow=0x15ee6, dwReserved0=0x0, dwReserved1=0x0, cFileName="rSXGxtmLV1.gif", cAlternateFileName="RSXGXT~1.GIF")) returned 1 [0212.464] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ae3c80, ftCreationTime.dwHighDateTime=0x1d9aa0a, ftLastAccessTime.dwLowDateTime=0xf2a0a760, ftLastAccessTime.dwHighDateTime=0x1d9aca0, ftLastWriteTime.dwLowDateTime=0xf2a0a760, ftLastWriteTime.dwHighDateTime=0x1d9aca0, nFileSizeHigh=0x0, nFileSizeLow=0x12433, dwReserved0=0x0, dwReserved1=0x0, cFileName="s3mDZhojg.bmp", cAlternateFileName="S3MDZH~1.BMP")) returned 1 [0212.464] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c921290, ftCreationTime.dwHighDateTime=0x1d9a741, ftLastAccessTime.dwLowDateTime=0x4ccace80, ftLastAccessTime.dwHighDateTime=0x1d9b01d, ftLastWriteTime.dwLowDateTime=0x4ccace80, ftLastWriteTime.dwHighDateTime=0x1d9b01d, nFileSizeHigh=0x0, nFileSizeLow=0x9983, dwReserved0=0x0, dwReserved1=0x0, cFileName="sg MXaT5p_6OuAzIkQ9b.odt", cAlternateFileName="SGMXAT~1.ODT")) returned 1 [0212.464] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcde14f40, ftCreationTime.dwHighDateTime=0x1d9b260, ftLastAccessTime.dwLowDateTime=0x311a7690, ftLastAccessTime.dwHighDateTime=0x1d9b4d2, ftLastWriteTime.dwLowDateTime=0x311a7690, ftLastWriteTime.dwHighDateTime=0x1d9b4d2, nFileSizeHigh=0x0, nFileSizeLow=0x9cec, dwReserved0=0x0, dwReserved1=0x0, cFileName="UkJYmBRGn-l6870DyiLq.gif", cAlternateFileName="UKJYMB~1.GIF")) returned 1 [0212.465] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef60fea0, ftCreationTime.dwHighDateTime=0x1d9b133, ftLastAccessTime.dwLowDateTime=0xc32df1c0, ftLastAccessTime.dwHighDateTime=0x1d9b4c7, ftLastWriteTime.dwLowDateTime=0xc32df1c0, ftLastWriteTime.dwHighDateTime=0x1d9b4c7, nFileSizeHigh=0x0, nFileSizeLow=0x1436f, dwReserved0=0x0, dwReserved1=0x0, cFileName="VvJS.odp", cAlternateFileName="")) returned 1 [0212.465] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a6f4ba0, ftCreationTime.dwHighDateTime=0x1d9b45e, ftLastAccessTime.dwLowDateTime=0x84a2f0d0, ftLastAccessTime.dwHighDateTime=0x1d9b473, ftLastWriteTime.dwLowDateTime=0x84a2f0d0, ftLastWriteTime.dwHighDateTime=0x1d9b473, nFileSizeHigh=0x0, nFileSizeLow=0x17f56, dwReserved0=0x0, dwReserved1=0x0, cFileName="w7V8A-uHWT3m-XUwfg56.bmp", cAlternateFileName="W7V8A-~1.BMP")) returned 1 [0212.465] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1aad70, ftCreationTime.dwHighDateTime=0x1d9ae7a, ftLastAccessTime.dwLowDateTime=0x4c4b8110, ftLastAccessTime.dwHighDateTime=0x1d9b1f9, ftLastWriteTime.dwLowDateTime=0x4c4b8110, ftLastWriteTime.dwHighDateTime=0x1d9b1f9, nFileSizeHigh=0x0, nFileSizeLow=0x10102, dwReserved0=0x0, dwReserved1=0x0, cFileName="wFdXt6C3g60.gif", cAlternateFileName="WFDXT6~1.GIF")) returned 1 [0212.465] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbcbfaf90, ftCreationTime.dwHighDateTime=0x1d9a95a, ftLastAccessTime.dwLowDateTime=0x826ecfe0, ftLastAccessTime.dwHighDateTime=0x1d9b30c, ftLastWriteTime.dwLowDateTime=0x826ecfe0, ftLastWriteTime.dwHighDateTime=0x1d9b30c, nFileSizeHigh=0x0, nFileSizeLow=0x9550, dwReserved0=0x0, dwReserved1=0x0, cFileName="wnd4e.ppt", cAlternateFileName="")) returned 1 [0212.465] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf57c7b0, ftCreationTime.dwHighDateTime=0x1d9a77a, ftLastAccessTime.dwLowDateTime=0x92536720, ftLastAccessTime.dwHighDateTime=0x1d9aeea, ftLastWriteTime.dwLowDateTime=0x92536720, ftLastWriteTime.dwHighDateTime=0x1d9aeea, nFileSizeHigh=0x0, nFileSizeLow=0xb14d, dwReserved0=0x0, dwReserved1=0x0, cFileName="ysmqvE-OXot7GOVrKyVU.avi", cAlternateFileName="YSMQVE~1.AVI")) returned 1 [0212.465] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x546dbc10, ftCreationTime.dwHighDateTime=0x1d9b045, ftLastAccessTime.dwLowDateTime=0x2ecdd430, ftLastAccessTime.dwHighDateTime=0x1d9b4e2, ftLastWriteTime.dwLowDateTime=0x2ecdd430, ftLastWriteTime.dwHighDateTime=0x1d9b4e2, nFileSizeHigh=0x0, nFileSizeLow=0xef22, dwReserved0=0x0, dwReserved1=0x0, cFileName="YyI OhFQiF.wav", cAlternateFileName="YYIOHF~1.WAV")) returned 1 [0212.465] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x546dbc10, ftCreationTime.dwHighDateTime=0x1d9b045, ftLastAccessTime.dwLowDateTime=0x2ecdd430, ftLastAccessTime.dwHighDateTime=0x1d9b4e2, ftLastWriteTime.dwLowDateTime=0x2ecdd430, ftLastWriteTime.dwHighDateTime=0x1d9b4e2, nFileSizeHigh=0x0, nFileSizeLow=0xef22, dwReserved0=0x0, dwReserved1=0x0, cFileName="YyI OhFQiF.wav", cAlternateFileName="YYIOHF~1.WAV")) returned 0 [0212.465] FindClose (in: hFindFile=0x6018a0 | out: hFindFile=0x6018a0) returned 1 [0212.465] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.466] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.466] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.466] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc", lpFilePart=0x0) returned 0x20 [0212.467] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\*.*" (normalized: "c:\\users\\oqxzraykm\\desktop\\-mukc\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa3339d10, ftCreationTime.dwHighDateTime=0x1d9ace4, ftLastAccessTime.dwLowDateTime=0xe9a908ad, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x19974df0, ftLastWriteTime.dwHighDateTime=0x1d9b4ef, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601180 [0212.467] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa3339d10, ftCreationTime.dwHighDateTime=0x1d9ace4, ftLastAccessTime.dwLowDateTime=0xe9a908ad, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x19974df0, ftLastWriteTime.dwHighDateTime=0x1d9b4ef, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.467] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a8d2640, ftCreationTime.dwHighDateTime=0x1d9b0ae, ftLastAccessTime.dwLowDateTime=0x5f69e890, ftLastAccessTime.dwHighDateTime=0x1d9b2a3, ftLastWriteTime.dwLowDateTime=0x5f69e890, ftLastWriteTime.dwHighDateTime=0x1d9b2a3, nFileSizeHigh=0x0, nFileSizeLow=0x5f4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="-kzqFR.mp3", cAlternateFileName="")) returned 1 [0212.467] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb9c55a90, ftCreationTime.dwHighDateTime=0x1d9b28a, ftLastAccessTime.dwLowDateTime=0x73827b70, ftLastAccessTime.dwHighDateTime=0x1d9b335, ftLastWriteTime.dwLowDateTime=0x73827b70, ftLastWriteTime.dwHighDateTime=0x1d9b335, nFileSizeHigh=0x0, nFileSizeLow=0xaefc, dwReserved0=0x0, dwReserved1=0x0, cFileName="3um74xQY2dRtB2 VeQ.jpg", cAlternateFileName="3UM74X~1.JPG")) returned 1 [0212.467] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x359f9b50, ftCreationTime.dwHighDateTime=0x1d9b176, ftLastAccessTime.dwLowDateTime=0xfcc751e0, ftLastAccessTime.dwHighDateTime=0x1d9b3d4, ftLastWriteTime.dwLowDateTime=0xfcc751e0, ftLastWriteTime.dwHighDateTime=0x1d9b3d4, nFileSizeHigh=0x0, nFileSizeLow=0x14cbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="9AjDMxYYRmVLRHhVCY P.avi", cAlternateFileName="9AJDMX~1.AVI")) returned 1 [0212.467] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7b4a5b0, ftCreationTime.dwHighDateTime=0x1d9b3f3, ftLastAccessTime.dwLowDateTime=0x7058a7a0, ftLastAccessTime.dwHighDateTime=0x1d9b536, ftLastWriteTime.dwLowDateTime=0x7058a7a0, ftLastWriteTime.dwHighDateTime=0x1d9b536, nFileSizeHigh=0x0, nFileSizeLow=0xc28b, dwReserved0=0x0, dwReserved1=0x0, cFileName="eTG7NzXPZhX.jpg", cAlternateFileName="ETG7NZ~1.JPG")) returned 1 [0212.468] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7a71470, ftCreationTime.dwHighDateTime=0x1d9afb0, ftLastAccessTime.dwLowDateTime=0xc569a940, ftLastAccessTime.dwHighDateTime=0x1d9b3bc, ftLastWriteTime.dwLowDateTime=0xc569a940, ftLastWriteTime.dwHighDateTime=0x1d9b3bc, nFileSizeHigh=0x0, nFileSizeLow=0x177a2, dwReserved0=0x0, dwReserved1=0x0, cFileName="gx-lni4aupUfI o.mp3", cAlternateFileName="GX-LNI~1.MP3")) returned 1 [0212.468] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x464246f0, ftCreationTime.dwHighDateTime=0x1d9b3ed, ftLastAccessTime.dwLowDateTime=0x3192eb60, ftLastAccessTime.dwHighDateTime=0x1d9b555, ftLastWriteTime.dwLowDateTime=0x3192eb60, ftLastWriteTime.dwHighDateTime=0x1d9b555, nFileSizeHigh=0x0, nFileSizeLow=0x67e, dwReserved0=0x0, dwReserved1=0x0, cFileName="IrM2_7YhV9DP4.swf", cAlternateFileName="IRM2_7~1.SWF")) returned 1 [0212.468] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10759b40, ftCreationTime.dwHighDateTime=0x1d9ae06, ftLastAccessTime.dwLowDateTime=0x3fb0a3c0, ftLastAccessTime.dwHighDateTime=0x1d9b340, ftLastWriteTime.dwLowDateTime=0x3fb0a3c0, ftLastWriteTime.dwHighDateTime=0x1d9b340, nFileSizeHigh=0x0, nFileSizeLow=0x269f, dwReserved0=0x0, dwReserved1=0x0, cFileName="prv-43xC-PpR5k.ppt", cAlternateFileName="PRV-43~1.PPT")) returned 1 [0212.468] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4ff3bd30, ftCreationTime.dwHighDateTime=0x1d9b228, ftLastAccessTime.dwLowDateTime=0x48ddab80, ftLastAccessTime.dwHighDateTime=0x1d9b45f, ftLastWriteTime.dwLowDateTime=0x48ddab80, ftLastWriteTime.dwHighDateTime=0x1d9b45f, nFileSizeHigh=0x0, nFileSizeLow=0x148b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="rd6vVBpCT6eLzirYJclG.mp3", cAlternateFileName="RD6VVB~1.MP3")) returned 1 [0212.468] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x94973330, ftCreationTime.dwHighDateTime=0x1d9aae5, ftLastAccessTime.dwLowDateTime=0x23d680, ftLastAccessTime.dwHighDateTime=0x1d9ae47, ftLastWriteTime.dwLowDateTime=0x23d680, ftLastWriteTime.dwHighDateTime=0x1d9ae47, nFileSizeHigh=0x0, nFileSizeLow=0xbf58, dwReserved0=0x0, dwReserved1=0x0, cFileName="rPOVwsLPVM1oA7VqHs.m4a", cAlternateFileName="RPOVWS~1.M4A")) returned 1 [0212.468] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b455070, ftCreationTime.dwHighDateTime=0x1d9ae56, ftLastAccessTime.dwLowDateTime=0xad0326f0, ftLastAccessTime.dwHighDateTime=0x1d9ae72, ftLastWriteTime.dwLowDateTime=0xad0326f0, ftLastWriteTime.dwHighDateTime=0x1d9ae72, nFileSizeHigh=0x0, nFileSizeLow=0xa793, dwReserved0=0x0, dwReserved1=0x0, cFileName="rUm0obUdFHm5BS.odp", cAlternateFileName="RUM0OB~1.ODP")) returned 1 [0212.469] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97c54f50, ftCreationTime.dwHighDateTime=0x1d9a6cc, ftLastAccessTime.dwLowDateTime=0xf545a1f0, ftLastAccessTime.dwHighDateTime=0x1d9a7b9, ftLastWriteTime.dwLowDateTime=0xf545a1f0, ftLastWriteTime.dwHighDateTime=0x1d9a7b9, nFileSizeHigh=0x0, nFileSizeLow=0xe872, dwReserved0=0x0, dwReserved1=0x0, cFileName="wsjB3_tj0w.jpg", cAlternateFileName="WSJB3_~1.JPG")) returned 1 [0212.469] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x94c1d600, ftCreationTime.dwHighDateTime=0x1d9a80e, ftLastAccessTime.dwLowDateTime=0x8fd71320, ftLastAccessTime.dwHighDateTime=0x1d9b174, ftLastWriteTime.dwLowDateTime=0x8fd71320, ftLastWriteTime.dwHighDateTime=0x1d9b174, nFileSizeHigh=0x0, nFileSizeLow=0x7ca7, dwReserved0=0x0, dwReserved1=0x0, cFileName="wvg1idrrrWddZnZP.swf", cAlternateFileName="WVG1ID~1.SWF")) returned 1 [0212.469] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ff2950, ftCreationTime.dwHighDateTime=0x1d9b1d3, ftLastAccessTime.dwLowDateTime=0x1b7c7bf0, ftLastAccessTime.dwHighDateTime=0x1d9b26e, ftLastWriteTime.dwLowDateTime=0x1b7c7bf0, ftLastWriteTime.dwHighDateTime=0x1d9b26e, nFileSizeHigh=0x0, nFileSizeLow=0x539b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Xvc2R9.flv", cAlternateFileName="")) returned 1 [0212.470] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26ff2dc0, ftCreationTime.dwHighDateTime=0x1d9b0bf, ftLastAccessTime.dwLowDateTime=0xf078e540, ftLastAccessTime.dwHighDateTime=0x1d9b30a, ftLastWriteTime.dwLowDateTime=0xf078e540, ftLastWriteTime.dwHighDateTime=0x1d9b30a, nFileSizeHigh=0x0, nFileSizeLow=0xfac8, dwReserved0=0x0, dwReserved1=0x0, cFileName="YkjIrU5f.pps", cAlternateFileName="")) returned 1 [0212.470] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.470] FindClose (in: hFindFile=0x601180 | out: hFindFile=0x601180) returned 1 [0212.470] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0212.470] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0212.470] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.471] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc", lpFilePart=0x0) returned 0x20 [0212.472] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\-mUkc\\*" (normalized: "c:\\users\\oqxzraykm\\desktop\\-mukc\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa3339d10, ftCreationTime.dwHighDateTime=0x1d9ace4, ftLastAccessTime.dwLowDateTime=0xe9a908ad, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x19974df0, ftLastWriteTime.dwHighDateTime=0x1d9b4ef, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0212.472] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa3339d10, ftCreationTime.dwHighDateTime=0x1d9ace4, ftLastAccessTime.dwLowDateTime=0xe9a908ad, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x19974df0, ftLastWriteTime.dwHighDateTime=0x1d9b4ef, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.472] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a8d2640, ftCreationTime.dwHighDateTime=0x1d9b0ae, ftLastAccessTime.dwLowDateTime=0x5f69e890, ftLastAccessTime.dwHighDateTime=0x1d9b2a3, ftLastWriteTime.dwLowDateTime=0x5f69e890, ftLastWriteTime.dwHighDateTime=0x1d9b2a3, nFileSizeHigh=0x0, nFileSizeLow=0x5f4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="-kzqFR.mp3", cAlternateFileName="")) returned 1 [0212.472] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb9c55a90, ftCreationTime.dwHighDateTime=0x1d9b28a, ftLastAccessTime.dwLowDateTime=0x73827b70, ftLastAccessTime.dwHighDateTime=0x1d9b335, ftLastWriteTime.dwLowDateTime=0x73827b70, ftLastWriteTime.dwHighDateTime=0x1d9b335, nFileSizeHigh=0x0, nFileSizeLow=0xaefc, dwReserved0=0x0, dwReserved1=0x0, cFileName="3um74xQY2dRtB2 VeQ.jpg", cAlternateFileName="3UM74X~1.JPG")) returned 1 [0212.472] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x359f9b50, ftCreationTime.dwHighDateTime=0x1d9b176, ftLastAccessTime.dwLowDateTime=0xfcc751e0, ftLastAccessTime.dwHighDateTime=0x1d9b3d4, ftLastWriteTime.dwLowDateTime=0xfcc751e0, ftLastWriteTime.dwHighDateTime=0x1d9b3d4, nFileSizeHigh=0x0, nFileSizeLow=0x14cbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="9AjDMxYYRmVLRHhVCY P.avi", cAlternateFileName="9AJDMX~1.AVI")) returned 1 [0212.472] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7b4a5b0, ftCreationTime.dwHighDateTime=0x1d9b3f3, ftLastAccessTime.dwLowDateTime=0x7058a7a0, ftLastAccessTime.dwHighDateTime=0x1d9b536, ftLastWriteTime.dwLowDateTime=0x7058a7a0, ftLastWriteTime.dwHighDateTime=0x1d9b536, nFileSizeHigh=0x0, nFileSizeLow=0xc28b, dwReserved0=0x0, dwReserved1=0x0, cFileName="eTG7NzXPZhX.jpg", cAlternateFileName="ETG7NZ~1.JPG")) returned 1 [0212.472] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7a71470, ftCreationTime.dwHighDateTime=0x1d9afb0, ftLastAccessTime.dwLowDateTime=0xc569a940, ftLastAccessTime.dwHighDateTime=0x1d9b3bc, ftLastWriteTime.dwLowDateTime=0xc569a940, ftLastWriteTime.dwHighDateTime=0x1d9b3bc, nFileSizeHigh=0x0, nFileSizeLow=0x177a2, dwReserved0=0x0, dwReserved1=0x0, cFileName="gx-lni4aupUfI o.mp3", cAlternateFileName="GX-LNI~1.MP3")) returned 1 [0212.473] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x464246f0, ftCreationTime.dwHighDateTime=0x1d9b3ed, ftLastAccessTime.dwLowDateTime=0x3192eb60, ftLastAccessTime.dwHighDateTime=0x1d9b555, ftLastWriteTime.dwLowDateTime=0x3192eb60, ftLastWriteTime.dwHighDateTime=0x1d9b555, nFileSizeHigh=0x0, nFileSizeLow=0x67e, dwReserved0=0x0, dwReserved1=0x0, cFileName="IrM2_7YhV9DP4.swf", cAlternateFileName="IRM2_7~1.SWF")) returned 1 [0212.473] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10759b40, ftCreationTime.dwHighDateTime=0x1d9ae06, ftLastAccessTime.dwLowDateTime=0x3fb0a3c0, ftLastAccessTime.dwHighDateTime=0x1d9b340, ftLastWriteTime.dwLowDateTime=0x3fb0a3c0, ftLastWriteTime.dwHighDateTime=0x1d9b340, nFileSizeHigh=0x0, nFileSizeLow=0x269f, dwReserved0=0x0, dwReserved1=0x0, cFileName="prv-43xC-PpR5k.ppt", cAlternateFileName="PRV-43~1.PPT")) returned 1 [0212.473] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4ff3bd30, ftCreationTime.dwHighDateTime=0x1d9b228, ftLastAccessTime.dwLowDateTime=0x48ddab80, ftLastAccessTime.dwHighDateTime=0x1d9b45f, ftLastWriteTime.dwLowDateTime=0x48ddab80, ftLastWriteTime.dwHighDateTime=0x1d9b45f, nFileSizeHigh=0x0, nFileSizeLow=0x148b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="rd6vVBpCT6eLzirYJclG.mp3", cAlternateFileName="RD6VVB~1.MP3")) returned 1 [0212.473] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x94973330, ftCreationTime.dwHighDateTime=0x1d9aae5, ftLastAccessTime.dwLowDateTime=0x23d680, ftLastAccessTime.dwHighDateTime=0x1d9ae47, ftLastWriteTime.dwLowDateTime=0x23d680, ftLastWriteTime.dwHighDateTime=0x1d9ae47, nFileSizeHigh=0x0, nFileSizeLow=0xbf58, dwReserved0=0x0, dwReserved1=0x0, cFileName="rPOVwsLPVM1oA7VqHs.m4a", cAlternateFileName="RPOVWS~1.M4A")) returned 1 [0212.473] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b455070, ftCreationTime.dwHighDateTime=0x1d9ae56, ftLastAccessTime.dwLowDateTime=0xad0326f0, ftLastAccessTime.dwHighDateTime=0x1d9ae72, ftLastWriteTime.dwLowDateTime=0xad0326f0, ftLastWriteTime.dwHighDateTime=0x1d9ae72, nFileSizeHigh=0x0, nFileSizeLow=0xa793, dwReserved0=0x0, dwReserved1=0x0, cFileName="rUm0obUdFHm5BS.odp", cAlternateFileName="RUM0OB~1.ODP")) returned 1 [0212.473] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97c54f50, ftCreationTime.dwHighDateTime=0x1d9a6cc, ftLastAccessTime.dwLowDateTime=0xf545a1f0, ftLastAccessTime.dwHighDateTime=0x1d9a7b9, ftLastWriteTime.dwLowDateTime=0xf545a1f0, ftLastWriteTime.dwHighDateTime=0x1d9a7b9, nFileSizeHigh=0x0, nFileSizeLow=0xe872, dwReserved0=0x0, dwReserved1=0x0, cFileName="wsjB3_tj0w.jpg", cAlternateFileName="WSJB3_~1.JPG")) returned 1 [0212.473] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x94c1d600, ftCreationTime.dwHighDateTime=0x1d9a80e, ftLastAccessTime.dwLowDateTime=0x8fd71320, ftLastAccessTime.dwHighDateTime=0x1d9b174, ftLastWriteTime.dwLowDateTime=0x8fd71320, ftLastWriteTime.dwHighDateTime=0x1d9b174, nFileSizeHigh=0x0, nFileSizeLow=0x7ca7, dwReserved0=0x0, dwReserved1=0x0, cFileName="wvg1idrrrWddZnZP.swf", cAlternateFileName="WVG1ID~1.SWF")) returned 1 [0212.473] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ff2950, ftCreationTime.dwHighDateTime=0x1d9b1d3, ftLastAccessTime.dwLowDateTime=0x1b7c7bf0, ftLastAccessTime.dwHighDateTime=0x1d9b26e, ftLastWriteTime.dwLowDateTime=0x1b7c7bf0, ftLastWriteTime.dwHighDateTime=0x1d9b26e, nFileSizeHigh=0x0, nFileSizeLow=0x539b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Xvc2R9.flv", cAlternateFileName="")) returned 1 [0212.473] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26ff2dc0, ftCreationTime.dwHighDateTime=0x1d9b0bf, ftLastAccessTime.dwLowDateTime=0xf078e540, ftLastAccessTime.dwHighDateTime=0x1d9b30a, ftLastWriteTime.dwLowDateTime=0xf078e540, ftLastWriteTime.dwHighDateTime=0x1d9b30a, nFileSizeHigh=0x0, nFileSizeLow=0xfac8, dwReserved0=0x0, dwReserved1=0x0, cFileName="YkjIrU5f.pps", cAlternateFileName="")) returned 1 [0212.473] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26ff2dc0, ftCreationTime.dwHighDateTime=0x1d9b0bf, ftLastAccessTime.dwLowDateTime=0xf078e540, ftLastAccessTime.dwHighDateTime=0x1d9b30a, ftLastWriteTime.dwLowDateTime=0xf078e540, ftLastWriteTime.dwHighDateTime=0x1d9b30a, nFileSizeHigh=0x0, nFileSizeLow=0xfac8, dwReserved0=0x0, dwReserved1=0x0, cFileName="YkjIrU5f.pps", cAlternateFileName="")) returned 0 [0212.474] FindClose (in: hFindFile=0x601360 | out: hFindFile=0x601360) returned 1 [0212.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0212.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0212.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.474] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents", lpFilePart=0x0) returned 0x1c [0212.478] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\*.*" (normalized: "c:\\users\\oqxzraykm\\documents\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xdc30a0e7, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2b39779e, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6012a0 [0212.478] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xdc30a0e7, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2b39779e, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.479] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9babb240, ftCreationTime.dwHighDateTime=0x1d9b085, ftLastAccessTime.dwLowDateTime=0xe005b4b2, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xd07a37e0, ftLastWriteTime.dwHighDateTime=0x1d9b287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="-6JvN5S1cqNGvPDY", cAlternateFileName="-6JVN5~1")) returned 1 [0212.479] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4798a20, ftCreationTime.dwHighDateTime=0x1d955ef, ftLastAccessTime.dwLowDateTime=0xf1ea26f0, ftLastAccessTime.dwHighDateTime=0x1d99078, ftLastWriteTime.dwLowDateTime=0xf1ea26f0, ftLastWriteTime.dwHighDateTime=0x1d99078, nFileSizeHigh=0x0, nFileSizeLow=0x128c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="amGLU92hTOyVS.pptx", cAlternateFileName="AMGLU9~1.PPT")) returned 1 [0212.479] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1e963560, ftCreationTime.dwHighDateTime=0x1d9990f, ftLastAccessTime.dwLowDateTime=0xd9efe230, ftLastAccessTime.dwHighDateTime=0x1d9a25f, ftLastWriteTime.dwLowDateTime=0xd9efe230, ftLastWriteTime.dwHighDateTime=0x1d9a25f, nFileSizeHigh=0x0, nFileSizeLow=0xca04, dwReserved0=0x0, dwReserved1=0x0, cFileName="aqmU9TUpYSVIUMRXMae4.docx", cAlternateFileName="AQMU9T~1.DOC")) returned 1 [0212.479] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2c4bc470, ftCreationTime.dwHighDateTime=0x1d92b3e, ftLastAccessTime.dwLowDateTime=0xbfe4d9a0, ftLastAccessTime.dwHighDateTime=0x1d93dc8, ftLastWriteTime.dwLowDateTime=0xbfe4d9a0, ftLastWriteTime.dwHighDateTime=0x1d93dc8, nFileSizeHigh=0x0, nFileSizeLow=0xba99, dwReserved0=0x0, dwReserved1=0x0, cFileName="b GzxP7sA1S-0PBuwA.xlsx", cAlternateFileName="BGZXP7~1.XLS")) returned 1 [0212.479] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3528d00, ftCreationTime.dwHighDateTime=0x1d946c5, ftLastAccessTime.dwLowDateTime=0xe0668bb0, ftLastAccessTime.dwHighDateTime=0x1d94ffc, ftLastWriteTime.dwLowDateTime=0xe0668bb0, ftLastWriteTime.dwHighDateTime=0x1d94ffc, nFileSizeHigh=0x0, nFileSizeLow=0x319e, dwReserved0=0x0, dwReserved1=0x0, cFileName="CIdAi4WoBaReZGuNW3Z.xlsx", cAlternateFileName="CIDAI4~1.XLS")) returned 1 [0212.479] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x51bb7e0b, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xdc30a0e7, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x51fe3fad, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.479] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xffa1e0d0, ftCreationTime.dwHighDateTime=0x1d9b0ad, ftLastAccessTime.dwLowDateTime=0xa57ac550, ftLastAccessTime.dwHighDateTime=0x1d9b4e4, ftLastWriteTime.dwLowDateTime=0xa57ac550, ftLastWriteTime.dwHighDateTime=0x1d9b4e4, nFileSizeHigh=0x0, nFileSizeLow=0x10083, dwReserved0=0x0, dwReserved1=0x0, cFileName="e_2t.docx", cAlternateFileName="E_2T~1.DOC")) returned 1 [0212.479] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb63ff1b0, ftCreationTime.dwHighDateTime=0x1d937e6, ftLastAccessTime.dwLowDateTime=0x618e49a0, ftLastAccessTime.dwHighDateTime=0x1d93fac, ftLastWriteTime.dwLowDateTime=0x618e49a0, ftLastWriteTime.dwHighDateTime=0x1d93fac, nFileSizeHigh=0x0, nFileSizeLow=0x17012, dwReserved0=0x0, dwReserved1=0x0, cFileName="GC 5fQQJc4NHBM7mhV.docx", cAlternateFileName="GC5FQQ~1.DOC")) returned 1 [0212.480] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4186180, ftCreationTime.dwHighDateTime=0x1d9535c, ftLastAccessTime.dwLowDateTime=0xe77a06e0, ftLastAccessTime.dwHighDateTime=0x1d983df, ftLastWriteTime.dwLowDateTime=0xe77a06e0, ftLastWriteTime.dwHighDateTime=0x1d983df, nFileSizeHigh=0x0, nFileSizeLow=0x17492, dwReserved0=0x0, dwReserved1=0x0, cFileName="GDLIsvWIqGajKiRN9dGO.pptx", cAlternateFileName="GDLISV~1.PPT")) returned 1 [0212.480] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe13164b0, ftCreationTime.dwHighDateTime=0x1d94b39, ftLastAccessTime.dwLowDateTime=0xdc0fbe60, ftLastAccessTime.dwHighDateTime=0x1d94c0f, ftLastWriteTime.dwLowDateTime=0xdc0fbe60, ftLastWriteTime.dwHighDateTime=0x1d94c0f, nFileSizeHigh=0x0, nFileSizeLow=0xe33d, dwReserved0=0x0, dwReserved1=0x0, cFileName="gmIBz_0QcERv2HE.docx", cAlternateFileName="GMIBZ_~1.DOC")) returned 1 [0212.480] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3f93de50, ftCreationTime.dwHighDateTime=0x1d9a69a, ftLastAccessTime.dwLowDateTime=0xe5c9a627, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfeaa85d0, ftLastWriteTime.dwHighDateTime=0x1d9b1dc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="kQnIf5", cAlternateFileName="")) returned 1 [0212.480] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd954080, ftCreationTime.dwHighDateTime=0x1d94322, ftLastAccessTime.dwLowDateTime=0x7b276780, ftLastAccessTime.dwHighDateTime=0x1d9a86a, ftLastWriteTime.dwLowDateTime=0x7b276780, ftLastWriteTime.dwHighDateTime=0x1d9a86a, nFileSizeHigh=0x0, nFileSizeLow=0x9676, dwReserved0=0x0, dwReserved1=0x0, cFileName="m62mMrqX1.pptx", cAlternateFileName="M62MMR~1.PPT")) returned 1 [0212.480] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x33362d37, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x33362d37, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x33362d37, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0212.480] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x33362d37, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x33362d37, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x33362d37, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0212.480] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3338908f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x3338908f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0212.480] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d152d10, ftCreationTime.dwHighDateTime=0x1d9a27e, ftLastAccessTime.dwLowDateTime=0xdda97c80, ftLastAccessTime.dwHighDateTime=0x1d9b32e, ftLastWriteTime.dwLowDateTime=0xdda97c80, ftLastWriteTime.dwHighDateTime=0x1d9b32e, nFileSizeHigh=0x0, nFileSizeLow=0xdc47, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="oBVXWpqYBK.pptx", cAlternateFileName="OBVXWP~1.PPT")) returned 1 [0212.480] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49fa35b0, ftCreationTime.dwHighDateTime=0x1d9af96, ftLastAccessTime.dwLowDateTime=0xdc925f02, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x5884c8a0, ftLastWriteTime.dwHighDateTime=0x1d9b42f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OgZRcboo9", cAlternateFileName="OGZRCB~1")) returned 1 [0212.481] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa86087d0, ftCreationTime.dwHighDateTime=0x1d96cb1, ftLastAccessTime.dwLowDateTime=0xfa9d5d20, ftLastAccessTime.dwHighDateTime=0x1d97864, ftLastWriteTime.dwLowDateTime=0xfa9d5d20, ftLastWriteTime.dwHighDateTime=0x1d97864, nFileSizeHigh=0x0, nFileSizeLow=0x2383, dwReserved0=0x0, dwReserved1=0x0, cFileName="P Qbc4C6_8tW2SWaqVE.xlsx", cAlternateFileName="PQBC4C~1.XLS")) returned 1 [0212.481] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a6b1c70, ftCreationTime.dwHighDateTime=0x1d934e7, ftLastAccessTime.dwLowDateTime=0xd425cba0, ftLastAccessTime.dwHighDateTime=0x1d99768, ftLastWriteTime.dwLowDateTime=0xd425cba0, ftLastWriteTime.dwHighDateTime=0x1d99768, nFileSizeHigh=0x0, nFileSizeLow=0x173a2, dwReserved0=0x0, dwReserved1=0x0, cFileName="q_HhEd.pptx", cAlternateFileName="Q_HHED~1.PPT")) returned 1 [0212.481] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6806dc70, ftCreationTime.dwHighDateTime=0x1d97f58, ftLastAccessTime.dwLowDateTime=0xeab42440, ftLastAccessTime.dwHighDateTime=0x1d9a120, ftLastWriteTime.dwLowDateTime=0xeab42440, ftLastWriteTime.dwHighDateTime=0x1d9a120, nFileSizeHigh=0x0, nFileSizeLow=0xea05, dwReserved0=0x0, dwReserved1=0x0, cFileName="smN8Rnib6nLWu.xlsx", cAlternateFileName="SMN8RN~1.XLS")) returned 1 [0212.481] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46ce4780, ftCreationTime.dwHighDateTime=0x1d93fb3, ftLastAccessTime.dwLowDateTime=0xeb0cc830, ftLastAccessTime.dwHighDateTime=0x1d9a368, ftLastWriteTime.dwLowDateTime=0xeb0cc830, ftLastWriteTime.dwHighDateTime=0x1d9a368, nFileSizeHigh=0x0, nFileSizeLow=0x2f37, dwReserved0=0x0, dwReserved1=0x0, cFileName="tFcCKPod.docx", cAlternateFileName="TFCCKP~1.DOC")) returned 1 [0212.481] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb9fe580, ftCreationTime.dwHighDateTime=0x1d956be, ftLastAccessTime.dwLowDateTime=0xcd36ac0, ftLastAccessTime.dwHighDateTime=0x1d98d37, ftLastWriteTime.dwLowDateTime=0xcd36ac0, ftLastWriteTime.dwHighDateTime=0x1d98d37, nFileSizeHigh=0x0, nFileSizeLow=0x9d68, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr9U.xlsx", cAlternateFileName="TR9U~1.XLS")) returned 1 [0212.483] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3316cf10, ftCreationTime.dwHighDateTime=0x1d9a8da, ftLastAccessTime.dwLowDateTime=0xddeef426, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x907f3970, ftLastWriteTime.dwHighDateTime=0x1d9b376, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vPtkmO", cAlternateFileName="")) returned 1 [0212.483] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad688e00, ftCreationTime.dwHighDateTime=0x1d95fda, ftLastAccessTime.dwLowDateTime=0x2e8d5b70, ftLastAccessTime.dwHighDateTime=0x1d96272, ftLastWriteTime.dwLowDateTime=0x2e8d5b70, ftLastWriteTime.dwHighDateTime=0x1d96272, nFileSizeHigh=0x0, nFileSizeLow=0x16d44, dwReserved0=0x0, dwReserved1=0x0, cFileName="vrypMS0u_xB.docx", cAlternateFileName="VRYPMS~1.DOC")) returned 1 [0212.483] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe62dec80, ftCreationTime.dwHighDateTime=0x1d9ab6b, ftLastAccessTime.dwLowDateTime=0x21e79880, ftLastAccessTime.dwHighDateTime=0x1d9b264, ftLastWriteTime.dwLowDateTime=0x21e79880, ftLastWriteTime.dwHighDateTime=0x1d9b264, nFileSizeHigh=0x0, nFileSizeLow=0x8112, dwReserved0=0x0, dwReserved1=0x0, cFileName="WfobQHYIBDGT.ods", cAlternateFileName="WFOBQH~1.ODS")) returned 1 [0212.483] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ae800fd, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x7ae800fd, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0x7ae800fd, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsPowerShell", cAlternateFileName="WINDOW~1")) returned 1 [0212.483] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x405fd490, ftCreationTime.dwHighDateTime=0x1d9ad63, ftLastAccessTime.dwLowDateTime=0xe40033de, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x7f28df0, ftLastWriteTime.dwHighDateTime=0x1d9b420, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XAdPkF7sUkUXx_LAj0", cAlternateFileName="XADPKF~1")) returned 1 [0212.483] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3abccec0, ftCreationTime.dwHighDateTime=0x1d9af35, ftLastAccessTime.dwLowDateTime=0xe5c95f90, ftLastAccessTime.dwHighDateTime=0x1d9afa3, ftLastWriteTime.dwLowDateTime=0xe5c95f90, ftLastWriteTime.dwHighDateTime=0x1d9afa3, nFileSizeHigh=0x0, nFileSizeLow=0x4a04, dwReserved0=0x0, dwReserved1=0x0, cFileName="Yme_Rm4L2kuXKjrR V.odp", cAlternateFileName="YME_RM~1.ODP")) returned 1 [0212.483] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.484] FindClose (in: hFindFile=0x6012a0 | out: hFindFile=0x6012a0) returned 1 [0212.484] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.484] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.484] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.484] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents", lpFilePart=0x0) returned 0x1c [0212.485] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\*" (normalized: "c:\\users\\oqxzraykm\\documents\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xdc30a0e7, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2b39779e, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601720 [0212.485] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xdc30a0e7, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2b39779e, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.485] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9babb240, ftCreationTime.dwHighDateTime=0x1d9b085, ftLastAccessTime.dwLowDateTime=0xe005b4b2, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xd07a37e0, ftLastWriteTime.dwHighDateTime=0x1d9b287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="-6JvN5S1cqNGvPDY", cAlternateFileName="-6JVN5~1")) returned 1 [0212.485] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4798a20, ftCreationTime.dwHighDateTime=0x1d955ef, ftLastAccessTime.dwLowDateTime=0xf1ea26f0, ftLastAccessTime.dwHighDateTime=0x1d99078, ftLastWriteTime.dwLowDateTime=0xf1ea26f0, ftLastWriteTime.dwHighDateTime=0x1d99078, nFileSizeHigh=0x0, nFileSizeLow=0x128c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="amGLU92hTOyVS.pptx", cAlternateFileName="AMGLU9~1.PPT")) returned 1 [0212.486] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1e963560, ftCreationTime.dwHighDateTime=0x1d9990f, ftLastAccessTime.dwLowDateTime=0xd9efe230, ftLastAccessTime.dwHighDateTime=0x1d9a25f, ftLastWriteTime.dwLowDateTime=0xd9efe230, ftLastWriteTime.dwHighDateTime=0x1d9a25f, nFileSizeHigh=0x0, nFileSizeLow=0xca04, dwReserved0=0x0, dwReserved1=0x0, cFileName="aqmU9TUpYSVIUMRXMae4.docx", cAlternateFileName="AQMU9T~1.DOC")) returned 1 [0212.486] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2c4bc470, ftCreationTime.dwHighDateTime=0x1d92b3e, ftLastAccessTime.dwLowDateTime=0xbfe4d9a0, ftLastAccessTime.dwHighDateTime=0x1d93dc8, ftLastWriteTime.dwLowDateTime=0xbfe4d9a0, ftLastWriteTime.dwHighDateTime=0x1d93dc8, nFileSizeHigh=0x0, nFileSizeLow=0xba99, dwReserved0=0x0, dwReserved1=0x0, cFileName="b GzxP7sA1S-0PBuwA.xlsx", cAlternateFileName="BGZXP7~1.XLS")) returned 1 [0212.486] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3528d00, ftCreationTime.dwHighDateTime=0x1d946c5, ftLastAccessTime.dwLowDateTime=0xe0668bb0, ftLastAccessTime.dwHighDateTime=0x1d94ffc, ftLastWriteTime.dwLowDateTime=0xe0668bb0, ftLastWriteTime.dwHighDateTime=0x1d94ffc, nFileSizeHigh=0x0, nFileSizeLow=0x319e, dwReserved0=0x0, dwReserved1=0x0, cFileName="CIdAi4WoBaReZGuNW3Z.xlsx", cAlternateFileName="CIDAI4~1.XLS")) returned 1 [0212.486] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x51bb7e0b, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xdc30a0e7, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x51fe3fad, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.486] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xffa1e0d0, ftCreationTime.dwHighDateTime=0x1d9b0ad, ftLastAccessTime.dwLowDateTime=0xa57ac550, ftLastAccessTime.dwHighDateTime=0x1d9b4e4, ftLastWriteTime.dwLowDateTime=0xa57ac550, ftLastWriteTime.dwHighDateTime=0x1d9b4e4, nFileSizeHigh=0x0, nFileSizeLow=0x10083, dwReserved0=0x0, dwReserved1=0x0, cFileName="e_2t.docx", cAlternateFileName="E_2T~1.DOC")) returned 1 [0212.486] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb63ff1b0, ftCreationTime.dwHighDateTime=0x1d937e6, ftLastAccessTime.dwLowDateTime=0x618e49a0, ftLastAccessTime.dwHighDateTime=0x1d93fac, ftLastWriteTime.dwLowDateTime=0x618e49a0, ftLastWriteTime.dwHighDateTime=0x1d93fac, nFileSizeHigh=0x0, nFileSizeLow=0x17012, dwReserved0=0x0, dwReserved1=0x0, cFileName="GC 5fQQJc4NHBM7mhV.docx", cAlternateFileName="GC5FQQ~1.DOC")) returned 1 [0212.486] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4186180, ftCreationTime.dwHighDateTime=0x1d9535c, ftLastAccessTime.dwLowDateTime=0xe77a06e0, ftLastAccessTime.dwHighDateTime=0x1d983df, ftLastWriteTime.dwLowDateTime=0xe77a06e0, ftLastWriteTime.dwHighDateTime=0x1d983df, nFileSizeHigh=0x0, nFileSizeLow=0x17492, dwReserved0=0x0, dwReserved1=0x0, cFileName="GDLIsvWIqGajKiRN9dGO.pptx", cAlternateFileName="GDLISV~1.PPT")) returned 1 [0212.486] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe13164b0, ftCreationTime.dwHighDateTime=0x1d94b39, ftLastAccessTime.dwLowDateTime=0xdc0fbe60, ftLastAccessTime.dwHighDateTime=0x1d94c0f, ftLastWriteTime.dwLowDateTime=0xdc0fbe60, ftLastWriteTime.dwHighDateTime=0x1d94c0f, nFileSizeHigh=0x0, nFileSizeLow=0xe33d, dwReserved0=0x0, dwReserved1=0x0, cFileName="gmIBz_0QcERv2HE.docx", cAlternateFileName="GMIBZ_~1.DOC")) returned 1 [0212.486] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3f93de50, ftCreationTime.dwHighDateTime=0x1d9a69a, ftLastAccessTime.dwLowDateTime=0xe5c9a627, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfeaa85d0, ftLastWriteTime.dwHighDateTime=0x1d9b1dc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="kQnIf5", cAlternateFileName="")) returned 1 [0212.487] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd954080, ftCreationTime.dwHighDateTime=0x1d94322, ftLastAccessTime.dwLowDateTime=0x7b276780, ftLastAccessTime.dwHighDateTime=0x1d9a86a, ftLastWriteTime.dwLowDateTime=0x7b276780, ftLastWriteTime.dwHighDateTime=0x1d9a86a, nFileSizeHigh=0x0, nFileSizeLow=0x9676, dwReserved0=0x0, dwReserved1=0x0, cFileName="m62mMrqX1.pptx", cAlternateFileName="M62MMR~1.PPT")) returned 1 [0212.487] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x33362d37, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x33362d37, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x33362d37, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0212.487] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x33362d37, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x33362d37, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x33362d37, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0212.487] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3338908f, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x3338908f, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0212.487] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d152d10, ftCreationTime.dwHighDateTime=0x1d9a27e, ftLastAccessTime.dwLowDateTime=0xdda97c80, ftLastAccessTime.dwHighDateTime=0x1d9b32e, ftLastWriteTime.dwLowDateTime=0xdda97c80, ftLastWriteTime.dwHighDateTime=0x1d9b32e, nFileSizeHigh=0x0, nFileSizeLow=0xdc47, dwReserved0=0x0, dwReserved1=0x0, cFileName="oBVXWpqYBK.pptx", cAlternateFileName="OBVXWP~1.PPT")) returned 1 [0212.487] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49fa35b0, ftCreationTime.dwHighDateTime=0x1d9af96, ftLastAccessTime.dwLowDateTime=0xdc925f02, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x5884c8a0, ftLastWriteTime.dwHighDateTime=0x1d9b42f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OgZRcboo9", cAlternateFileName="OGZRCB~1")) returned 1 [0212.487] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa86087d0, ftCreationTime.dwHighDateTime=0x1d96cb1, ftLastAccessTime.dwLowDateTime=0xfa9d5d20, ftLastAccessTime.dwHighDateTime=0x1d97864, ftLastWriteTime.dwLowDateTime=0xfa9d5d20, ftLastWriteTime.dwHighDateTime=0x1d97864, nFileSizeHigh=0x0, nFileSizeLow=0x2383, dwReserved0=0x0, dwReserved1=0x0, cFileName="P Qbc4C6_8tW2SWaqVE.xlsx", cAlternateFileName="PQBC4C~1.XLS")) returned 1 [0212.488] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a6b1c70, ftCreationTime.dwHighDateTime=0x1d934e7, ftLastAccessTime.dwLowDateTime=0xd425cba0, ftLastAccessTime.dwHighDateTime=0x1d99768, ftLastWriteTime.dwLowDateTime=0xd425cba0, ftLastWriteTime.dwHighDateTime=0x1d99768, nFileSizeHigh=0x0, nFileSizeLow=0x173a2, dwReserved0=0x0, dwReserved1=0x0, cFileName="q_HhEd.pptx", cAlternateFileName="Q_HHED~1.PPT")) returned 1 [0212.488] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6806dc70, ftCreationTime.dwHighDateTime=0x1d97f58, ftLastAccessTime.dwLowDateTime=0xeab42440, ftLastAccessTime.dwHighDateTime=0x1d9a120, ftLastWriteTime.dwLowDateTime=0xeab42440, ftLastWriteTime.dwHighDateTime=0x1d9a120, nFileSizeHigh=0x0, nFileSizeLow=0xea05, dwReserved0=0x0, dwReserved1=0x0, cFileName="smN8Rnib6nLWu.xlsx", cAlternateFileName="SMN8RN~1.XLS")) returned 1 [0212.488] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46ce4780, ftCreationTime.dwHighDateTime=0x1d93fb3, ftLastAccessTime.dwLowDateTime=0xeb0cc830, ftLastAccessTime.dwHighDateTime=0x1d9a368, ftLastWriteTime.dwLowDateTime=0xeb0cc830, ftLastWriteTime.dwHighDateTime=0x1d9a368, nFileSizeHigh=0x0, nFileSizeLow=0x2f37, dwReserved0=0x0, dwReserved1=0x0, cFileName="tFcCKPod.docx", cAlternateFileName="TFCCKP~1.DOC")) returned 1 [0212.488] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb9fe580, ftCreationTime.dwHighDateTime=0x1d956be, ftLastAccessTime.dwLowDateTime=0xcd36ac0, ftLastAccessTime.dwHighDateTime=0x1d98d37, ftLastWriteTime.dwLowDateTime=0xcd36ac0, ftLastWriteTime.dwHighDateTime=0x1d98d37, nFileSizeHigh=0x0, nFileSizeLow=0x9d68, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr9U.xlsx", cAlternateFileName="TR9U~1.XLS")) returned 1 [0212.488] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3316cf10, ftCreationTime.dwHighDateTime=0x1d9a8da, ftLastAccessTime.dwLowDateTime=0xddeef426, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x907f3970, ftLastWriteTime.dwHighDateTime=0x1d9b376, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vPtkmO", cAlternateFileName="")) returned 1 [0212.488] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad688e00, ftCreationTime.dwHighDateTime=0x1d95fda, ftLastAccessTime.dwLowDateTime=0x2e8d5b70, ftLastAccessTime.dwHighDateTime=0x1d96272, ftLastWriteTime.dwLowDateTime=0x2e8d5b70, ftLastWriteTime.dwHighDateTime=0x1d96272, nFileSizeHigh=0x0, nFileSizeLow=0x16d44, dwReserved0=0x0, dwReserved1=0x0, cFileName="vrypMS0u_xB.docx", cAlternateFileName="VRYPMS~1.DOC")) returned 1 [0212.488] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe62dec80, ftCreationTime.dwHighDateTime=0x1d9ab6b, ftLastAccessTime.dwLowDateTime=0x21e79880, ftLastAccessTime.dwHighDateTime=0x1d9b264, ftLastWriteTime.dwLowDateTime=0x21e79880, ftLastWriteTime.dwHighDateTime=0x1d9b264, nFileSizeHigh=0x0, nFileSizeLow=0x8112, dwReserved0=0x0, dwReserved1=0x0, cFileName="WfobQHYIBDGT.ods", cAlternateFileName="WFOBQH~1.ODS")) returned 1 [0212.488] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ae800fd, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x7ae800fd, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0x7ae800fd, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsPowerShell", cAlternateFileName="WINDOW~1")) returned 1 [0212.488] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x405fd490, ftCreationTime.dwHighDateTime=0x1d9ad63, ftLastAccessTime.dwLowDateTime=0xe40033de, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x7f28df0, ftLastWriteTime.dwHighDateTime=0x1d9b420, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XAdPkF7sUkUXx_LAj0", cAlternateFileName="XADPKF~1")) returned 1 [0212.489] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3abccec0, ftCreationTime.dwHighDateTime=0x1d9af35, ftLastAccessTime.dwLowDateTime=0xe5c95f90, ftLastAccessTime.dwHighDateTime=0x1d9afa3, ftLastWriteTime.dwLowDateTime=0xe5c95f90, ftLastWriteTime.dwHighDateTime=0x1d9afa3, nFileSizeHigh=0x0, nFileSizeLow=0x4a04, dwReserved0=0x0, dwReserved1=0x0, cFileName="Yme_Rm4L2kuXKjrR V.odp", cAlternateFileName="YME_RM~1.ODP")) returned 1 [0212.489] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3abccec0, ftCreationTime.dwHighDateTime=0x1d9af35, ftLastAccessTime.dwLowDateTime=0xe5c95f90, ftLastAccessTime.dwHighDateTime=0x1d9afa3, ftLastWriteTime.dwLowDateTime=0xe5c95f90, ftLastWriteTime.dwHighDateTime=0x1d9afa3, nFileSizeHigh=0x0, nFileSizeLow=0x4a04, dwReserved0=0x0, dwReserved1=0x0, cFileName="Yme_Rm4L2kuXKjrR V.odp", cAlternateFileName="YME_RM~1.ODP")) returned 0 [0212.489] FindClose (in: hFindFile=0x601720 | out: hFindFile=0x601720) returned 1 [0212.489] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.489] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.489] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.489] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\-6JvN5S1cqNGvPDY", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\-6JvN5S1cqNGvPDY", lpFilePart=0x0) returned 0x2d [0212.491] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\-6JvN5S1cqNGvPDY\\*.*" (normalized: "c:\\users\\oqxzraykm\\documents\\-6jvn5s1cqngvpdy\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9babb240, ftCreationTime.dwHighDateTime=0x1d9b085, ftLastAccessTime.dwLowDateTime=0xe005b4b2, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xd07a37e0, ftLastWriteTime.dwHighDateTime=0x1d9b287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.492] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9babb240, ftCreationTime.dwHighDateTime=0x1d9b085, ftLastAccessTime.dwLowDateTime=0xe005b4b2, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xd07a37e0, ftLastWriteTime.dwHighDateTime=0x1d9b287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.492] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9bb3d1d0, ftCreationTime.dwHighDateTime=0x1d9a5bf, ftLastAccessTime.dwLowDateTime=0xecef290b, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x65f8f10, ftLastWriteTime.dwHighDateTime=0x1d9b466, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BmJalddlQRnVT8k_d-q", cAlternateFileName="BMJALD~1")) returned 1 [0212.492] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa06fef90, ftCreationTime.dwHighDateTime=0x1d9a80a, ftLastAccessTime.dwLowDateTime=0x72d91610, ftLastAccessTime.dwHighDateTime=0x1d9ae95, ftLastWriteTime.dwLowDateTime=0x72d91610, ftLastWriteTime.dwHighDateTime=0x1d9ae95, nFileSizeHigh=0x0, nFileSizeLow=0xd39c, dwReserved0=0x0, dwReserved1=0x0, cFileName="uLcxfT.pps", cAlternateFileName="")) returned 1 [0212.492] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61df9890, ftCreationTime.dwHighDateTime=0x1d9ab05, ftLastAccessTime.dwLowDateTime=0x4c035590, ftLastAccessTime.dwHighDateTime=0x1d9aeb9, ftLastWriteTime.dwLowDateTime=0x4c035590, ftLastWriteTime.dwHighDateTime=0x1d9aeb9, nFileSizeHigh=0x0, nFileSizeLow=0x6d9a, dwReserved0=0x0, dwReserved1=0x0, cFileName="xmWl.csv", cAlternateFileName="")) returned 1 [0212.492] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.492] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0212.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0212.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0212.493] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.493] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\-6JvN5S1cqNGvPDY", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\-6JvN5S1cqNGvPDY", lpFilePart=0x0) returned 0x2d [0212.494] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\-6JvN5S1cqNGvPDY\\*" (normalized: "c:\\users\\oqxzraykm\\documents\\-6jvn5s1cqngvpdy\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9babb240, ftCreationTime.dwHighDateTime=0x1d9b085, ftLastAccessTime.dwLowDateTime=0xe005b4b2, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xd07a37e0, ftLastWriteTime.dwHighDateTime=0x1d9b287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.494] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9babb240, ftCreationTime.dwHighDateTime=0x1d9b085, ftLastAccessTime.dwLowDateTime=0xe005b4b2, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xd07a37e0, ftLastWriteTime.dwHighDateTime=0x1d9b287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.494] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9bb3d1d0, ftCreationTime.dwHighDateTime=0x1d9a5bf, ftLastAccessTime.dwLowDateTime=0xecef290b, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x65f8f10, ftLastWriteTime.dwHighDateTime=0x1d9b466, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BmJalddlQRnVT8k_d-q", cAlternateFileName="BMJALD~1")) returned 1 [0212.494] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa06fef90, ftCreationTime.dwHighDateTime=0x1d9a80a, ftLastAccessTime.dwLowDateTime=0x72d91610, ftLastAccessTime.dwHighDateTime=0x1d9ae95, ftLastWriteTime.dwLowDateTime=0x72d91610, ftLastWriteTime.dwHighDateTime=0x1d9ae95, nFileSizeHigh=0x0, nFileSizeLow=0xd39c, dwReserved0=0x0, dwReserved1=0x0, cFileName="uLcxfT.pps", cAlternateFileName="")) returned 1 [0212.494] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61df9890, ftCreationTime.dwHighDateTime=0x1d9ab05, ftLastAccessTime.dwLowDateTime=0x4c035590, ftLastAccessTime.dwHighDateTime=0x1d9aeb9, ftLastWriteTime.dwLowDateTime=0x4c035590, ftLastWriteTime.dwHighDateTime=0x1d9aeb9, nFileSizeHigh=0x0, nFileSizeLow=0x6d9a, dwReserved0=0x0, dwReserved1=0x0, cFileName="xmWl.csv", cAlternateFileName="")) returned 1 [0212.494] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61df9890, ftCreationTime.dwHighDateTime=0x1d9ab05, ftLastAccessTime.dwLowDateTime=0x4c035590, ftLastAccessTime.dwHighDateTime=0x1d9aeb9, ftLastWriteTime.dwLowDateTime=0x4c035590, ftLastWriteTime.dwHighDateTime=0x1d9aeb9, nFileSizeHigh=0x0, nFileSizeLow=0x6d9a, dwReserved0=0x0, dwReserved1=0x0, cFileName="xmWl.csv", cAlternateFileName="")) returned 0 [0212.494] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0212.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0212.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0212.495] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0212.495] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\-6JvN5S1cqNGvPDY\\BmJalddlQRnVT8k_d-q", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\-6JvN5S1cqNGvPDY\\BmJalddlQRnVT8k_d-q", lpFilePart=0x0) returned 0x41 [0212.496] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\-6JvN5S1cqNGvPDY\\BmJalddlQRnVT8k_d-q\\*.*" (normalized: "c:\\users\\oqxzraykm\\documents\\-6jvn5s1cqngvpdy\\bmjalddlqrnvt8k_d-q\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9bb3d1d0, ftCreationTime.dwHighDateTime=0x1d9a5bf, ftLastAccessTime.dwLowDateTime=0xecef290b, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x65f8f10, ftLastWriteTime.dwHighDateTime=0x1d9b466, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601840 [0212.496] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9bb3d1d0, ftCreationTime.dwHighDateTime=0x1d9a5bf, ftLastAccessTime.dwLowDateTime=0xecef290b, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x65f8f10, ftLastWriteTime.dwHighDateTime=0x1d9b466, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.496] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4f8bac0, ftCreationTime.dwHighDateTime=0x1d9a8a0, ftLastAccessTime.dwLowDateTime=0x19221a0, ftLastAccessTime.dwHighDateTime=0x1d9a967, ftLastWriteTime.dwLowDateTime=0x19221a0, ftLastWriteTime.dwHighDateTime=0x1d9a967, nFileSizeHigh=0x0, nFileSizeLow=0x16b17, dwReserved0=0x0, dwReserved1=0x0, cFileName="3q1llB5Op_QjTca2eDNb.odp", cAlternateFileName="3Q1LLB~1.ODP")) returned 1 [0212.496] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d5c87a0, ftCreationTime.dwHighDateTime=0x1d9afa3, ftLastAccessTime.dwLowDateTime=0x3020b120, ftLastAccessTime.dwHighDateTime=0x1d9b3bd, ftLastWriteTime.dwLowDateTime=0x3020b120, ftLastWriteTime.dwHighDateTime=0x1d9b3bd, nFileSizeHigh=0x0, nFileSizeLow=0x13ce4, dwReserved0=0x0, dwReserved1=0x0, cFileName="LFcvTFKle.pdf", cAlternateFileName="LFCVTF~1.PDF")) returned 1 [0212.496] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.496] FindClose (in: hFindFile=0x601840 | out: hFindFile=0x601840) returned 1 [0212.497] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb18) returned 1 [0212.497] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced68) returned 1 [0212.497] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0212.497] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\-6JvN5S1cqNGvPDY\\BmJalddlQRnVT8k_d-q", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\-6JvN5S1cqNGvPDY\\BmJalddlQRnVT8k_d-q", lpFilePart=0x0) returned 0x41 [0212.497] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\-6JvN5S1cqNGvPDY\\BmJalddlQRnVT8k_d-q\\*" (normalized: "c:\\users\\oqxzraykm\\documents\\-6jvn5s1cqngvpdy\\bmjalddlqrnvt8k_d-q\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9bb3d1d0, ftCreationTime.dwHighDateTime=0x1d9a5bf, ftLastAccessTime.dwLowDateTime=0xecef290b, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x65f8f10, ftLastWriteTime.dwHighDateTime=0x1d9b466, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601720 [0212.498] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9bb3d1d0, ftCreationTime.dwHighDateTime=0x1d9a5bf, ftLastAccessTime.dwLowDateTime=0xecef290b, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x65f8f10, ftLastWriteTime.dwHighDateTime=0x1d9b466, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.498] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4f8bac0, ftCreationTime.dwHighDateTime=0x1d9a8a0, ftLastAccessTime.dwLowDateTime=0x19221a0, ftLastAccessTime.dwHighDateTime=0x1d9a967, ftLastWriteTime.dwLowDateTime=0x19221a0, ftLastWriteTime.dwHighDateTime=0x1d9a967, nFileSizeHigh=0x0, nFileSizeLow=0x16b17, dwReserved0=0x0, dwReserved1=0x0, cFileName="3q1llB5Op_QjTca2eDNb.odp", cAlternateFileName="3Q1LLB~1.ODP")) returned 1 [0212.498] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d5c87a0, ftCreationTime.dwHighDateTime=0x1d9afa3, ftLastAccessTime.dwLowDateTime=0x3020b120, ftLastAccessTime.dwHighDateTime=0x1d9b3bd, ftLastWriteTime.dwLowDateTime=0x3020b120, ftLastWriteTime.dwHighDateTime=0x1d9b3bd, nFileSizeHigh=0x0, nFileSizeLow=0x13ce4, dwReserved0=0x0, dwReserved1=0x0, cFileName="LFcvTFKle.pdf", cAlternateFileName="LFCVTF~1.PDF")) returned 1 [0212.498] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d5c87a0, ftCreationTime.dwHighDateTime=0x1d9afa3, ftLastAccessTime.dwLowDateTime=0x3020b120, ftLastAccessTime.dwHighDateTime=0x1d9b3bd, ftLastWriteTime.dwLowDateTime=0x3020b120, ftLastWriteTime.dwHighDateTime=0x1d9b3bd, nFileSizeHigh=0x0, nFileSizeLow=0x13ce4, dwReserved0=0x0, dwReserved1=0x0, cFileName="LFcvTFKle.pdf", cAlternateFileName="LFCVTF~1.PDF")) returned 0 [0212.498] FindClose (in: hFindFile=0x601720 | out: hFindFile=0x601720) returned 1 [0212.498] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea88) returned 1 [0212.498] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceca8) returned 1 [0212.499] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.499] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\kQnIf5", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\kQnIf5", lpFilePart=0x0) returned 0x23 [0212.499] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\kQnIf5\\*.*" (normalized: "c:\\users\\oqxzraykm\\documents\\kqnif5\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3f93de50, ftCreationTime.dwHighDateTime=0x1d9a69a, ftLastAccessTime.dwLowDateTime=0xe5c9a627, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfeaa85d0, ftLastWriteTime.dwHighDateTime=0x1d9b1dc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.500] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3f93de50, ftCreationTime.dwHighDateTime=0x1d9a69a, ftLastAccessTime.dwLowDateTime=0xe5c9a627, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfeaa85d0, ftLastWriteTime.dwHighDateTime=0x1d9b1dc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.500] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35d527a0, ftCreationTime.dwHighDateTime=0x1d9b1e1, ftLastAccessTime.dwLowDateTime=0x40544bf0, ftLastAccessTime.dwHighDateTime=0x1d9b4ef, ftLastWriteTime.dwLowDateTime=0x40544bf0, ftLastWriteTime.dwHighDateTime=0x1d9b4ef, nFileSizeHigh=0x0, nFileSizeLow=0xaf99, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dbg3Ddy9SSgsZKwE.doc", cAlternateFileName="DBG3DD~1.DOC")) returned 1 [0212.500] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.500] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0212.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0212.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0212.500] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.500] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\kQnIf5", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\kQnIf5", lpFilePart=0x0) returned 0x23 [0212.501] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\kQnIf5\\*" (normalized: "c:\\users\\oqxzraykm\\documents\\kqnif5\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3f93de50, ftCreationTime.dwHighDateTime=0x1d9a69a, ftLastAccessTime.dwLowDateTime=0xe5c9a627, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfeaa85d0, ftLastWriteTime.dwHighDateTime=0x1d9b1dc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601900 [0212.502] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3f93de50, ftCreationTime.dwHighDateTime=0x1d9a69a, ftLastAccessTime.dwLowDateTime=0xe5c9a627, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xfeaa85d0, ftLastWriteTime.dwHighDateTime=0x1d9b1dc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.502] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35d527a0, ftCreationTime.dwHighDateTime=0x1d9b1e1, ftLastAccessTime.dwLowDateTime=0x40544bf0, ftLastAccessTime.dwHighDateTime=0x1d9b4ef, ftLastWriteTime.dwLowDateTime=0x40544bf0, ftLastWriteTime.dwHighDateTime=0x1d9b4ef, nFileSizeHigh=0x0, nFileSizeLow=0xaf99, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dbg3Ddy9SSgsZKwE.doc", cAlternateFileName="DBG3DD~1.DOC")) returned 1 [0212.502] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35d527a0, ftCreationTime.dwHighDateTime=0x1d9b1e1, ftLastAccessTime.dwLowDateTime=0x40544bf0, ftLastAccessTime.dwHighDateTime=0x1d9b4ef, ftLastWriteTime.dwLowDateTime=0x40544bf0, ftLastWriteTime.dwHighDateTime=0x1d9b4ef, nFileSizeHigh=0x0, nFileSizeLow=0xaf99, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dbg3Ddy9SSgsZKwE.doc", cAlternateFileName="DBG3DD~1.DOC")) returned 0 [0212.502] FindClose (in: hFindFile=0x601900 | out: hFindFile=0x601900) returned 1 [0212.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0212.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0212.502] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.502] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\My Music", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\My Music", lpFilePart=0x0) returned 0x25 [0212.504] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\My Music\\*.*" (normalized: "c:\\users\\oqxzraykm\\documents\\my music\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0212.509] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb58) returned 1 [0212.515] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.515] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\My Pictures", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\My Pictures", lpFilePart=0x0) returned 0x28 [0212.515] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\My Pictures\\*.*" (normalized: "c:\\users\\oqxzraykm\\documents\\my pictures\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0212.516] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb58) returned 1 [0212.529] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.530] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\My Videos", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\My Videos", lpFilePart=0x0) returned 0x26 [0212.530] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\My Videos\\*.*" (normalized: "c:\\users\\oqxzraykm\\documents\\my videos\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0212.531] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb58) returned 1 [0212.536] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.537] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\OgZRcboo9", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\OgZRcboo9", lpFilePart=0x0) returned 0x26 [0212.538] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\OgZRcboo9\\*.*" (normalized: "c:\\users\\oqxzraykm\\documents\\ogzrcboo9\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49fa35b0, ftCreationTime.dwHighDateTime=0x1d9af96, ftLastAccessTime.dwLowDateTime=0xdc925f02, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x5884c8a0, ftLastWriteTime.dwHighDateTime=0x1d9b42f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0212.539] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49fa35b0, ftCreationTime.dwHighDateTime=0x1d9af96, ftLastAccessTime.dwLowDateTime=0xdc925f02, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x5884c8a0, ftLastWriteTime.dwHighDateTime=0x1d9b42f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.539] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc15c8e20, ftCreationTime.dwHighDateTime=0x1d9a887, ftLastAccessTime.dwLowDateTime=0x7e457280, ftLastAccessTime.dwHighDateTime=0x1d9b301, ftLastWriteTime.dwLowDateTime=0x7e457280, ftLastWriteTime.dwHighDateTime=0x1d9b301, nFileSizeHigh=0x0, nFileSizeLow=0x1070b, dwReserved0=0x0, dwReserved1=0x0, cFileName="61De8WLPska01oVom.docx", cAlternateFileName="61DE8W~1.DOC")) returned 1 [0212.539] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35a1e960, ftCreationTime.dwHighDateTime=0x1d9a5fe, ftLastAccessTime.dwLowDateTime=0x4206e280, ftLastAccessTime.dwHighDateTime=0x1d9a68c, ftLastWriteTime.dwLowDateTime=0x4206e280, ftLastWriteTime.dwHighDateTime=0x1d9a68c, nFileSizeHigh=0x0, nFileSizeLow=0x143c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="EgF5qYYsDP3TXhIOn.pps", cAlternateFileName="EGF5QY~1.PPS")) returned 1 [0212.541] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb0080a80, ftCreationTime.dwHighDateTime=0x1d9b2fc, ftLastAccessTime.dwLowDateTime=0xfbb5e080, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2d6f2cd0, ftLastWriteTime.dwHighDateTime=0x1d9b459, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fabE6LAM6xEtP", cAlternateFileName="FABE6L~1")) returned 1 [0212.541] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x88f51c80, ftCreationTime.dwHighDateTime=0x1d9a9b5, ftLastAccessTime.dwLowDateTime=0xac2565e0, ftLastAccessTime.dwHighDateTime=0x1d9b46c, ftLastWriteTime.dwLowDateTime=0xac2565e0, ftLastWriteTime.dwHighDateTime=0x1d9b46c, nFileSizeHigh=0x0, nFileSizeLow=0xca96, dwReserved0=0x0, dwReserved1=0x0, cFileName="pUTUVKAK.xlsx", cAlternateFileName="PUTUVK~1.XLS")) returned 1 [0212.541] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb053fc90, ftCreationTime.dwHighDateTime=0x1d9b1c8, ftLastAccessTime.dwLowDateTime=0x4ff271e0, ftLastAccessTime.dwHighDateTime=0x1d9b31e, ftLastWriteTime.dwLowDateTime=0x4ff271e0, ftLastWriteTime.dwHighDateTime=0x1d9b31e, nFileSizeHigh=0x0, nFileSizeLow=0x167d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="tKwoXg9sP.docx", cAlternateFileName="TKWOXG~1.DOC")) returned 1 [0212.542] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.542] FindClose (in: hFindFile=0x601360 | out: hFindFile=0x601360) returned 1 [0212.542] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0212.542] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0212.542] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.543] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\OgZRcboo9", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\OgZRcboo9", lpFilePart=0x0) returned 0x26 [0212.543] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\OgZRcboo9\\*" (normalized: "c:\\users\\oqxzraykm\\documents\\ogzrcboo9\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49fa35b0, ftCreationTime.dwHighDateTime=0x1d9af96, ftLastAccessTime.dwLowDateTime=0xdc925f02, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x5884c8a0, ftLastWriteTime.dwHighDateTime=0x1d9b42f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6017e0 [0212.544] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49fa35b0, ftCreationTime.dwHighDateTime=0x1d9af96, ftLastAccessTime.dwLowDateTime=0xdc925f02, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x5884c8a0, ftLastWriteTime.dwHighDateTime=0x1d9b42f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.544] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc15c8e20, ftCreationTime.dwHighDateTime=0x1d9a887, ftLastAccessTime.dwLowDateTime=0x7e457280, ftLastAccessTime.dwHighDateTime=0x1d9b301, ftLastWriteTime.dwLowDateTime=0x7e457280, ftLastWriteTime.dwHighDateTime=0x1d9b301, nFileSizeHigh=0x0, nFileSizeLow=0x1070b, dwReserved0=0x0, dwReserved1=0x0, cFileName="61De8WLPska01oVom.docx", cAlternateFileName="61DE8W~1.DOC")) returned 1 [0212.544] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35a1e960, ftCreationTime.dwHighDateTime=0x1d9a5fe, ftLastAccessTime.dwLowDateTime=0x4206e280, ftLastAccessTime.dwHighDateTime=0x1d9a68c, ftLastWriteTime.dwLowDateTime=0x4206e280, ftLastWriteTime.dwHighDateTime=0x1d9a68c, nFileSizeHigh=0x0, nFileSizeLow=0x143c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="EgF5qYYsDP3TXhIOn.pps", cAlternateFileName="EGF5QY~1.PPS")) returned 1 [0212.544] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb0080a80, ftCreationTime.dwHighDateTime=0x1d9b2fc, ftLastAccessTime.dwLowDateTime=0xfbb5e080, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2d6f2cd0, ftLastWriteTime.dwHighDateTime=0x1d9b459, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fabE6LAM6xEtP", cAlternateFileName="FABE6L~1")) returned 1 [0212.544] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x88f51c80, ftCreationTime.dwHighDateTime=0x1d9a9b5, ftLastAccessTime.dwLowDateTime=0xac2565e0, ftLastAccessTime.dwHighDateTime=0x1d9b46c, ftLastWriteTime.dwLowDateTime=0xac2565e0, ftLastWriteTime.dwHighDateTime=0x1d9b46c, nFileSizeHigh=0x0, nFileSizeLow=0xca96, dwReserved0=0x0, dwReserved1=0x0, cFileName="pUTUVKAK.xlsx", cAlternateFileName="PUTUVK~1.XLS")) returned 1 [0212.544] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb053fc90, ftCreationTime.dwHighDateTime=0x1d9b1c8, ftLastAccessTime.dwLowDateTime=0x4ff271e0, ftLastAccessTime.dwHighDateTime=0x1d9b31e, ftLastWriteTime.dwLowDateTime=0x4ff271e0, ftLastWriteTime.dwHighDateTime=0x1d9b31e, nFileSizeHigh=0x0, nFileSizeLow=0x167d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="tKwoXg9sP.docx", cAlternateFileName="TKWOXG~1.DOC")) returned 1 [0212.544] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb053fc90, ftCreationTime.dwHighDateTime=0x1d9b1c8, ftLastAccessTime.dwLowDateTime=0x4ff271e0, ftLastAccessTime.dwHighDateTime=0x1d9b31e, ftLastWriteTime.dwLowDateTime=0x4ff271e0, ftLastWriteTime.dwHighDateTime=0x1d9b31e, nFileSizeHigh=0x0, nFileSizeLow=0x167d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="tKwoXg9sP.docx", cAlternateFileName="TKWOXG~1.DOC")) returned 0 [0212.544] FindClose (in: hFindFile=0x6017e0 | out: hFindFile=0x6017e0) returned 1 [0212.544] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0212.544] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0212.545] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0212.545] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\OgZRcboo9\\fabE6LAM6xEtP", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\OgZRcboo9\\fabE6LAM6xEtP", lpFilePart=0x0) returned 0x34 [0212.545] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\OgZRcboo9\\fabE6LAM6xEtP\\*.*" (normalized: "c:\\users\\oqxzraykm\\documents\\ogzrcboo9\\fabe6lam6xetp\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb0080a80, ftCreationTime.dwHighDateTime=0x1d9b2fc, ftLastAccessTime.dwLowDateTime=0xfbb5e080, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2d6f2cd0, ftLastWriteTime.dwHighDateTime=0x1d9b459, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601900 [0212.546] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb0080a80, ftCreationTime.dwHighDateTime=0x1d9b2fc, ftLastAccessTime.dwLowDateTime=0xfbb5e080, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2d6f2cd0, ftLastWriteTime.dwHighDateTime=0x1d9b459, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.546] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1a3ce60, ftCreationTime.dwHighDateTime=0x1d9a800, ftLastAccessTime.dwLowDateTime=0x86f10e20, ftLastAccessTime.dwHighDateTime=0x1d9ac31, ftLastWriteTime.dwLowDateTime=0x86f10e20, ftLastWriteTime.dwHighDateTime=0x1d9ac31, nFileSizeHigh=0x0, nFileSizeLow=0x1682d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fz9-EFgchL_BgQQD.ots", cAlternateFileName="FZ9-EF~1.OTS")) returned 1 [0212.547] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd78d380, ftCreationTime.dwHighDateTime=0x1d9ac73, ftLastAccessTime.dwLowDateTime=0x250c23f0, ftLastAccessTime.dwHighDateTime=0x1d9ad28, ftLastWriteTime.dwLowDateTime=0x250c23f0, ftLastWriteTime.dwHighDateTime=0x1d9ad28, nFileSizeHigh=0x0, nFileSizeLow=0x143d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="KrCIJZxudvtCeY.doc", cAlternateFileName="KRCIJZ~1.DOC")) returned 1 [0212.548] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.548] FindClose (in: hFindFile=0x601900 | out: hFindFile=0x601900) returned 1 [0212.548] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb18) returned 1 [0212.548] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced68) returned 1 [0212.548] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0212.548] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\OgZRcboo9\\fabE6LAM6xEtP", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\OgZRcboo9\\fabE6LAM6xEtP", lpFilePart=0x0) returned 0x34 [0212.549] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\OgZRcboo9\\fabE6LAM6xEtP\\*" (normalized: "c:\\users\\oqxzraykm\\documents\\ogzrcboo9\\fabe6lam6xetp\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb0080a80, ftCreationTime.dwHighDateTime=0x1d9b2fc, ftLastAccessTime.dwLowDateTime=0xfbb5e080, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2d6f2cd0, ftLastWriteTime.dwHighDateTime=0x1d9b459, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0212.549] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb0080a80, ftCreationTime.dwHighDateTime=0x1d9b2fc, ftLastAccessTime.dwLowDateTime=0xfbb5e080, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2d6f2cd0, ftLastWriteTime.dwHighDateTime=0x1d9b459, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.550] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1a3ce60, ftCreationTime.dwHighDateTime=0x1d9a800, ftLastAccessTime.dwLowDateTime=0x86f10e20, ftLastAccessTime.dwHighDateTime=0x1d9ac31, ftLastWriteTime.dwLowDateTime=0x86f10e20, ftLastWriteTime.dwHighDateTime=0x1d9ac31, nFileSizeHigh=0x0, nFileSizeLow=0x1682d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fz9-EFgchL_BgQQD.ots", cAlternateFileName="FZ9-EF~1.OTS")) returned 1 [0212.550] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd78d380, ftCreationTime.dwHighDateTime=0x1d9ac73, ftLastAccessTime.dwLowDateTime=0x250c23f0, ftLastAccessTime.dwHighDateTime=0x1d9ad28, ftLastWriteTime.dwLowDateTime=0x250c23f0, ftLastWriteTime.dwHighDateTime=0x1d9ad28, nFileSizeHigh=0x0, nFileSizeLow=0x143d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="KrCIJZxudvtCeY.doc", cAlternateFileName="KRCIJZ~1.DOC")) returned 1 [0212.550] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd78d380, ftCreationTime.dwHighDateTime=0x1d9ac73, ftLastAccessTime.dwLowDateTime=0x250c23f0, ftLastAccessTime.dwHighDateTime=0x1d9ad28, ftLastWriteTime.dwLowDateTime=0x250c23f0, ftLastWriteTime.dwHighDateTime=0x1d9ad28, nFileSizeHigh=0x0, nFileSizeLow=0x143d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="KrCIJZxudvtCeY.doc", cAlternateFileName="KRCIJZ~1.DOC")) returned 0 [0212.550] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0212.550] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea88) returned 1 [0212.550] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceca8) returned 1 [0212.550] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.550] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\vPtkmO", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\vPtkmO", lpFilePart=0x0) returned 0x23 [0212.551] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\vPtkmO\\*.*" (normalized: "c:\\users\\oqxzraykm\\documents\\vptkmo\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3316cf10, ftCreationTime.dwHighDateTime=0x1d9a8da, ftLastAccessTime.dwLowDateTime=0xddeef426, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x907f3970, ftLastWriteTime.dwHighDateTime=0x1d9b376, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.551] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3316cf10, ftCreationTime.dwHighDateTime=0x1d9a8da, ftLastAccessTime.dwLowDateTime=0xddeef426, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x907f3970, ftLastWriteTime.dwHighDateTime=0x1d9b376, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.551] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1173cb40, ftCreationTime.dwHighDateTime=0x1d9aaee, ftLastAccessTime.dwLowDateTime=0xa7d10cf0, ftLastAccessTime.dwHighDateTime=0x1d9abc6, ftLastWriteTime.dwLowDateTime=0xa7d10cf0, ftLastWriteTime.dwHighDateTime=0x1d9abc6, nFileSizeHigh=0x0, nFileSizeLow=0xb198, dwReserved0=0x0, dwReserved1=0x0, cFileName="-TpGaKVbHa97zgS.ppt", cAlternateFileName="-TPGAK~1.PPT")) returned 1 [0212.552] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc489aff0, ftCreationTime.dwHighDateTime=0x1d9ae1e, ftLastAccessTime.dwLowDateTime=0x341902c0, ftLastAccessTime.dwHighDateTime=0x1d9b0af, ftLastWriteTime.dwLowDateTime=0x341902c0, ftLastWriteTime.dwHighDateTime=0x1d9b0af, nFileSizeHigh=0x0, nFileSizeLow=0xc85c, dwReserved0=0x0, dwReserved1=0x0, cFileName="novXISG4jJT9ZShRo.ods", cAlternateFileName="NOVXIS~1.ODS")) returned 1 [0212.555] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcdf1560, ftCreationTime.dwHighDateTime=0x1d9ab1d, ftLastAccessTime.dwLowDateTime=0xe5a004d0, ftLastAccessTime.dwHighDateTime=0x1d9b244, ftLastWriteTime.dwLowDateTime=0xe5a004d0, ftLastWriteTime.dwHighDateTime=0x1d9b244, nFileSizeHigh=0x0, nFileSizeLow=0x135ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="zCcWRD8QwPIFlQ2Uo.pdf", cAlternateFileName="ZCCWRD~1.PDF")) returned 1 [0212.557] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.557] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0212.557] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0212.557] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0212.557] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.557] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\vPtkmO", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\vPtkmO", lpFilePart=0x0) returned 0x23 [0212.558] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\vPtkmO\\*" (normalized: "c:\\users\\oqxzraykm\\documents\\vptkmo\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3316cf10, ftCreationTime.dwHighDateTime=0x1d9a8da, ftLastAccessTime.dwLowDateTime=0xddeef426, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x907f3970, ftLastWriteTime.dwHighDateTime=0x1d9b376, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601180 [0212.558] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3316cf10, ftCreationTime.dwHighDateTime=0x1d9a8da, ftLastAccessTime.dwLowDateTime=0xddeef426, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x907f3970, ftLastWriteTime.dwHighDateTime=0x1d9b376, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.558] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1173cb40, ftCreationTime.dwHighDateTime=0x1d9aaee, ftLastAccessTime.dwLowDateTime=0xa7d10cf0, ftLastAccessTime.dwHighDateTime=0x1d9abc6, ftLastWriteTime.dwLowDateTime=0xa7d10cf0, ftLastWriteTime.dwHighDateTime=0x1d9abc6, nFileSizeHigh=0x0, nFileSizeLow=0xb198, dwReserved0=0x0, dwReserved1=0x0, cFileName="-TpGaKVbHa97zgS.ppt", cAlternateFileName="-TPGAK~1.PPT")) returned 1 [0212.558] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc489aff0, ftCreationTime.dwHighDateTime=0x1d9ae1e, ftLastAccessTime.dwLowDateTime=0x341902c0, ftLastAccessTime.dwHighDateTime=0x1d9b0af, ftLastWriteTime.dwLowDateTime=0x341902c0, ftLastWriteTime.dwHighDateTime=0x1d9b0af, nFileSizeHigh=0x0, nFileSizeLow=0xc85c, dwReserved0=0x0, dwReserved1=0x0, cFileName="novXISG4jJT9ZShRo.ods", cAlternateFileName="NOVXIS~1.ODS")) returned 1 [0212.559] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcdf1560, ftCreationTime.dwHighDateTime=0x1d9ab1d, ftLastAccessTime.dwLowDateTime=0xe5a004d0, ftLastAccessTime.dwHighDateTime=0x1d9b244, ftLastWriteTime.dwLowDateTime=0xe5a004d0, ftLastWriteTime.dwHighDateTime=0x1d9b244, nFileSizeHigh=0x0, nFileSizeLow=0x135ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="zCcWRD8QwPIFlQ2Uo.pdf", cAlternateFileName="ZCCWRD~1.PDF")) returned 1 [0212.559] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcdf1560, ftCreationTime.dwHighDateTime=0x1d9ab1d, ftLastAccessTime.dwLowDateTime=0xe5a004d0, ftLastAccessTime.dwHighDateTime=0x1d9b244, ftLastWriteTime.dwLowDateTime=0xe5a004d0, ftLastWriteTime.dwHighDateTime=0x1d9b244, nFileSizeHigh=0x0, nFileSizeLow=0x135ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="zCcWRD8QwPIFlQ2Uo.pdf", cAlternateFileName="ZCCWRD~1.PDF")) returned 0 [0212.559] FindClose (in: hFindFile=0x601180 | out: hFindFile=0x601180) returned 1 [0212.559] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0212.559] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0212.559] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.559] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\WindowsPowerShell", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\WindowsPowerShell", lpFilePart=0x0) returned 0x2e [0212.560] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\WindowsPowerShell\\*.*" (normalized: "c:\\users\\oqxzraykm\\documents\\windowspowershell\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ae800fd, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x7ae800fd, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0x7ae800fd, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601180 [0212.561] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ae800fd, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x7ae800fd, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0x7ae800fd, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.561] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ae800fd, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x7ae800fd, ftLastAccessTime.dwHighDateTime=0x1d94215, ftLastWriteTime.dwLowDateTime=0x7ae800fd, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.561] FindClose (in: hFindFile=0x601180 | out: hFindFile=0x601180) returned 1 [0212.562] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0212.562] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0212.563] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.563] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\WindowsPowerShell", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\WindowsPowerShell", lpFilePart=0x0) returned 0x2e [0212.564] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\WindowsPowerShell\\*" (normalized: "c:\\users\\oqxzraykm\\documents\\windowspowershell\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ae800fd, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x13141949, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x7ae800fd, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6011e0 [0212.564] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ae800fd, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x13141949, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x7ae800fd, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.564] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ae800fd, ftCreationTime.dwHighDateTime=0x1d94215, ftLastAccessTime.dwLowDateTime=0x13141949, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x7ae800fd, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.564] FindClose (in: hFindFile=0x6011e0 | out: hFindFile=0x6011e0) returned 1 [0212.564] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0212.564] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0212.564] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.565] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0", lpFilePart=0x0) returned 0x2f [0212.565] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\*.*" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x405fd490, ftCreationTime.dwHighDateTime=0x1d9ad63, ftLastAccessTime.dwLowDateTime=0xe40033de, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x7f28df0, ftLastWriteTime.dwHighDateTime=0x1d9b420, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601720 [0212.565] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x405fd490, ftCreationTime.dwHighDateTime=0x1d9ad63, ftLastAccessTime.dwLowDateTime=0xe40033de, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x7f28df0, ftLastWriteTime.dwHighDateTime=0x1d9b420, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.566] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4e8baf10, ftCreationTime.dwHighDateTime=0x1d9b454, ftLastAccessTime.dwLowDateTime=0xe4513f87, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x88201520, ftLastWriteTime.dwHighDateTime=0x1d9b52d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="8gTJ48", cAlternateFileName="")) returned 1 [0212.566] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b30f290, ftCreationTime.dwHighDateTime=0x1d9aed4, ftLastAccessTime.dwLowDateTime=0xecfbcba0, ftLastAccessTime.dwHighDateTime=0x1d9b33a, ftLastWriteTime.dwLowDateTime=0xecfbcba0, ftLastWriteTime.dwHighDateTime=0x1d9b33a, nFileSizeHigh=0x0, nFileSizeLow=0x7fb1, dwReserved0=0x0, dwReserved1=0x0, cFileName="jZACGvj_jUniQbGydKt.xlsx", cAlternateFileName="JZACGV~1.XLS")) returned 1 [0212.566] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdf5f0d60, ftCreationTime.dwHighDateTime=0x1d9ac2b, ftLastAccessTime.dwLowDateTime=0xebcdaf63, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x1de74700, ftLastWriteTime.dwHighDateTime=0x1d9acb3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="oByX88izFWIaL4", cAlternateFileName="OBYX88~1")) returned 1 [0212.566] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd7552a0, ftCreationTime.dwHighDateTime=0x1d9a536, ftLastAccessTime.dwLowDateTime=0x37475aa0, ftLastAccessTime.dwHighDateTime=0x1d9b465, ftLastWriteTime.dwLowDateTime=0x37475aa0, ftLastWriteTime.dwHighDateTime=0x1d9b465, nFileSizeHigh=0x0, nFileSizeLow=0xbe81, dwReserved0=0x0, dwReserved1=0x0, cFileName="UHkhqoDlS1ZMy4YF1xN.xls", cAlternateFileName="UHKHQO~1.XLS")) returned 1 [0212.567] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.567] FindClose (in: hFindFile=0x601720 | out: hFindFile=0x601720) returned 1 [0212.567] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0212.567] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0212.567] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.567] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0", lpFilePart=0x0) returned 0x2f [0212.568] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\*" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x405fd490, ftCreationTime.dwHighDateTime=0x1d9ad63, ftLastAccessTime.dwLowDateTime=0xe40033de, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x7f28df0, ftLastWriteTime.dwHighDateTime=0x1d9b420, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0212.568] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x405fd490, ftCreationTime.dwHighDateTime=0x1d9ad63, ftLastAccessTime.dwLowDateTime=0xe40033de, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x7f28df0, ftLastWriteTime.dwHighDateTime=0x1d9b420, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.568] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4e8baf10, ftCreationTime.dwHighDateTime=0x1d9b454, ftLastAccessTime.dwLowDateTime=0xe4513f87, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x88201520, ftLastWriteTime.dwHighDateTime=0x1d9b52d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="8gTJ48", cAlternateFileName="")) returned 1 [0212.569] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b30f290, ftCreationTime.dwHighDateTime=0x1d9aed4, ftLastAccessTime.dwLowDateTime=0xecfbcba0, ftLastAccessTime.dwHighDateTime=0x1d9b33a, ftLastWriteTime.dwLowDateTime=0xecfbcba0, ftLastWriteTime.dwHighDateTime=0x1d9b33a, nFileSizeHigh=0x0, nFileSizeLow=0x7fb1, dwReserved0=0x0, dwReserved1=0x0, cFileName="jZACGvj_jUniQbGydKt.xlsx", cAlternateFileName="JZACGV~1.XLS")) returned 1 [0212.569] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdf5f0d60, ftCreationTime.dwHighDateTime=0x1d9ac2b, ftLastAccessTime.dwLowDateTime=0xebcdaf63, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x1de74700, ftLastWriteTime.dwHighDateTime=0x1d9acb3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="oByX88izFWIaL4", cAlternateFileName="OBYX88~1")) returned 1 [0212.570] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd7552a0, ftCreationTime.dwHighDateTime=0x1d9a536, ftLastAccessTime.dwLowDateTime=0x37475aa0, ftLastAccessTime.dwHighDateTime=0x1d9b465, ftLastWriteTime.dwLowDateTime=0x37475aa0, ftLastWriteTime.dwHighDateTime=0x1d9b465, nFileSizeHigh=0x0, nFileSizeLow=0xbe81, dwReserved0=0x0, dwReserved1=0x0, cFileName="UHkhqoDlS1ZMy4YF1xN.xls", cAlternateFileName="UHKHQO~1.XLS")) returned 1 [0212.570] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd7552a0, ftCreationTime.dwHighDateTime=0x1d9a536, ftLastAccessTime.dwLowDateTime=0x37475aa0, ftLastAccessTime.dwHighDateTime=0x1d9b465, ftLastWriteTime.dwLowDateTime=0x37475aa0, ftLastWriteTime.dwHighDateTime=0x1d9b465, nFileSizeHigh=0x0, nFileSizeLow=0xbe81, dwReserved0=0x0, dwReserved1=0x0, cFileName="UHkhqoDlS1ZMy4YF1xN.xls", cAlternateFileName="UHKHQO~1.XLS")) returned 0 [0212.570] FindClose (in: hFindFile=0x601360 | out: hFindFile=0x601360) returned 1 [0212.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0212.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0212.570] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0212.570] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48", lpFilePart=0x0) returned 0x36 [0212.571] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48\\*.*" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\8gtj48\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4e8baf10, ftCreationTime.dwHighDateTime=0x1d9b454, ftLastAccessTime.dwLowDateTime=0xe4513f87, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x88201520, ftLastWriteTime.dwHighDateTime=0x1d9b52d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601a20 [0212.571] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4e8baf10, ftCreationTime.dwHighDateTime=0x1d9b454, ftLastAccessTime.dwLowDateTime=0xe4513f87, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x88201520, ftLastWriteTime.dwHighDateTime=0x1d9b52d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.572] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac3cf5d0, ftCreationTime.dwHighDateTime=0x1d9a624, ftLastAccessTime.dwLowDateTime=0x3ebc7ec3, ftLastAccessTime.dwHighDateTime=0x1d9b560, ftLastWriteTime.dwLowDateTime=0xbf20fcd0, ftLastWriteTime.dwHighDateTime=0x1d9b1d9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3bJ1", cAlternateFileName="")) returned 1 [0212.572] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x695ca760, ftCreationTime.dwHighDateTime=0x1d9a9a8, ftLastAccessTime.dwLowDateTime=0x37272570, ftLastAccessTime.dwHighDateTime=0x1d9ad33, ftLastWriteTime.dwLowDateTime=0x37272570, ftLastWriteTime.dwHighDateTime=0x1d9ad33, nFileSizeHigh=0x0, nFileSizeLow=0x18991, dwReserved0=0x0, dwReserved1=0x0, cFileName="EVZV9g78HF1 1b20ex.odt", cAlternateFileName="EVZV9G~1.ODT")) returned 1 [0212.572] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a9cbf10, ftCreationTime.dwHighDateTime=0x1d9a9c2, ftLastAccessTime.dwLowDateTime=0xeb87f4b0, ftLastAccessTime.dwHighDateTime=0x1d9ae76, ftLastWriteTime.dwLowDateTime=0xeb87f4b0, ftLastWriteTime.dwHighDateTime=0x1d9ae76, nFileSizeHigh=0x0, nFileSizeLow=0xe38a, dwReserved0=0x0, dwReserved1=0x0, cFileName="gDn4S0f.ppt", cAlternateFileName="")) returned 1 [0212.572] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99874770, ftCreationTime.dwHighDateTime=0x1d9abaa, ftLastAccessTime.dwLowDateTime=0x7e40ada0, ftLastAccessTime.dwHighDateTime=0x1d9b2ab, ftLastWriteTime.dwLowDateTime=0x7e40ada0, ftLastWriteTime.dwHighDateTime=0x1d9b2ab, nFileSizeHigh=0x0, nFileSizeLow=0x85e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="r3esBZrnGnq-0TLBo.ots", cAlternateFileName="R3ESBZ~1.OTS")) returned 1 [0212.574] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd55e5070, ftCreationTime.dwHighDateTime=0x1d9b458, ftLastAccessTime.dwLowDateTime=0x7503d440, ftLastAccessTime.dwHighDateTime=0x1d9b4f6, ftLastWriteTime.dwLowDateTime=0x7503d440, ftLastWriteTime.dwHighDateTime=0x1d9b4f6, nFileSizeHigh=0x0, nFileSizeLow=0x5719, dwReserved0=0x0, dwReserved1=0x0, cFileName="WDmuMj12Phg.pdf", cAlternateFileName="WDMUMJ~1.PDF")) returned 1 [0212.575] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.575] FindClose (in: hFindFile=0x601a20 | out: hFindFile=0x601a20) returned 1 [0212.575] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb18) returned 1 [0212.575] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced68) returned 1 [0212.575] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0212.575] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48", lpFilePart=0x0) returned 0x36 [0212.576] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48\\*" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\8gtj48\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4e8baf10, ftCreationTime.dwHighDateTime=0x1d9b454, ftLastAccessTime.dwLowDateTime=0xe4513f87, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x88201520, ftLastWriteTime.dwHighDateTime=0x1d9b52d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600c40 [0212.576] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4e8baf10, ftCreationTime.dwHighDateTime=0x1d9b454, ftLastAccessTime.dwLowDateTime=0xe4513f87, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x88201520, ftLastWriteTime.dwHighDateTime=0x1d9b52d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.576] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac3cf5d0, ftCreationTime.dwHighDateTime=0x1d9a624, ftLastAccessTime.dwLowDateTime=0x3ebc7ec3, ftLastAccessTime.dwHighDateTime=0x1d9b560, ftLastWriteTime.dwLowDateTime=0xbf20fcd0, ftLastWriteTime.dwHighDateTime=0x1d9b1d9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3bJ1", cAlternateFileName="")) returned 1 [0212.577] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x695ca760, ftCreationTime.dwHighDateTime=0x1d9a9a8, ftLastAccessTime.dwLowDateTime=0x37272570, ftLastAccessTime.dwHighDateTime=0x1d9ad33, ftLastWriteTime.dwLowDateTime=0x37272570, ftLastWriteTime.dwHighDateTime=0x1d9ad33, nFileSizeHigh=0x0, nFileSizeLow=0x18991, dwReserved0=0x0, dwReserved1=0x0, cFileName="EVZV9g78HF1 1b20ex.odt", cAlternateFileName="EVZV9G~1.ODT")) returned 1 [0212.577] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a9cbf10, ftCreationTime.dwHighDateTime=0x1d9a9c2, ftLastAccessTime.dwLowDateTime=0xeb87f4b0, ftLastAccessTime.dwHighDateTime=0x1d9ae76, ftLastWriteTime.dwLowDateTime=0xeb87f4b0, ftLastWriteTime.dwHighDateTime=0x1d9ae76, nFileSizeHigh=0x0, nFileSizeLow=0xe38a, dwReserved0=0x0, dwReserved1=0x0, cFileName="gDn4S0f.ppt", cAlternateFileName="")) returned 1 [0212.577] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99874770, ftCreationTime.dwHighDateTime=0x1d9abaa, ftLastAccessTime.dwLowDateTime=0x7e40ada0, ftLastAccessTime.dwHighDateTime=0x1d9b2ab, ftLastWriteTime.dwLowDateTime=0x7e40ada0, ftLastWriteTime.dwHighDateTime=0x1d9b2ab, nFileSizeHigh=0x0, nFileSizeLow=0x85e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="r3esBZrnGnq-0TLBo.ots", cAlternateFileName="R3ESBZ~1.OTS")) returned 1 [0212.577] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd55e5070, ftCreationTime.dwHighDateTime=0x1d9b458, ftLastAccessTime.dwLowDateTime=0x7503d440, ftLastAccessTime.dwHighDateTime=0x1d9b4f6, ftLastWriteTime.dwLowDateTime=0x7503d440, ftLastWriteTime.dwHighDateTime=0x1d9b4f6, nFileSizeHigh=0x0, nFileSizeLow=0x5719, dwReserved0=0x0, dwReserved1=0x0, cFileName="WDmuMj12Phg.pdf", cAlternateFileName="WDMUMJ~1.PDF")) returned 1 [0212.577] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd55e5070, ftCreationTime.dwHighDateTime=0x1d9b458, ftLastAccessTime.dwLowDateTime=0x7503d440, ftLastAccessTime.dwHighDateTime=0x1d9b4f6, ftLastWriteTime.dwLowDateTime=0x7503d440, ftLastWriteTime.dwHighDateTime=0x1d9b4f6, nFileSizeHigh=0x0, nFileSizeLow=0x5719, dwReserved0=0x0, dwReserved1=0x0, cFileName="WDmuMj12Phg.pdf", cAlternateFileName="WDMUMJ~1.PDF")) returned 0 [0212.577] FindClose (in: hFindFile=0x600c40 | out: hFindFile=0x600c40) returned 1 [0212.577] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea88) returned 1 [0212.577] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceca8) returned 1 [0212.577] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.577] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48\\3bJ1", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48\\3bJ1", lpFilePart=0x0) returned 0x3b [0212.579] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48\\3bJ1\\*.*" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\8gtj48\\3bj1\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac3cf5d0, ftCreationTime.dwHighDateTime=0x1d9a624, ftLastAccessTime.dwLowDateTime=0x3ebc7ec3, ftLastAccessTime.dwHighDateTime=0x1d9b560, ftLastWriteTime.dwLowDateTime=0xbf20fcd0, ftLastWriteTime.dwHighDateTime=0x1d9b1d9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0212.580] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac3cf5d0, ftCreationTime.dwHighDateTime=0x1d9a624, ftLastAccessTime.dwLowDateTime=0x3ebc7ec3, ftLastAccessTime.dwHighDateTime=0x1d9b560, ftLastWriteTime.dwLowDateTime=0xbf20fcd0, ftLastWriteTime.dwHighDateTime=0x1d9b1d9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.580] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x15f7bbe0, ftCreationTime.dwHighDateTime=0x1d9b3e5, ftLastAccessTime.dwLowDateTime=0xdceca100, ftLastAccessTime.dwHighDateTime=0x1d9b432, ftLastWriteTime.dwLowDateTime=0xdceca100, ftLastWriteTime.dwHighDateTime=0x1d9b432, nFileSizeHigh=0x0, nFileSizeLow=0xb4ff, dwReserved0=0x0, dwReserved1=0x0, cFileName="VcT_G8cWMIrPoJ51oahf.odp", cAlternateFileName="VCT_G8~1.ODP")) returned 1 [0212.580] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.580] FindClose (in: hFindFile=0x601360 | out: hFindFile=0x601360) returned 1 [0212.580] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0212.580] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0212.580] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.581] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48\\3bJ1", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48\\3bJ1", lpFilePart=0x0) returned 0x3b [0212.583] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\8gTJ48\\3bJ1\\*" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\8gtj48\\3bj1\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac3cf5d0, ftCreationTime.dwHighDateTime=0x1d9a624, ftLastAccessTime.dwLowDateTime=0x131679cc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xbf20fcd0, ftLastWriteTime.dwHighDateTime=0x1d9b1d9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.583] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac3cf5d0, ftCreationTime.dwHighDateTime=0x1d9a624, ftLastAccessTime.dwLowDateTime=0x131679cc, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xbf20fcd0, ftLastWriteTime.dwHighDateTime=0x1d9b1d9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.583] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x15f7bbe0, ftCreationTime.dwHighDateTime=0x1d9b3e5, ftLastAccessTime.dwLowDateTime=0xdceca100, ftLastAccessTime.dwHighDateTime=0x1d9b432, ftLastWriteTime.dwLowDateTime=0xdceca100, ftLastWriteTime.dwHighDateTime=0x1d9b432, nFileSizeHigh=0x0, nFileSizeLow=0xb4ff, dwReserved0=0x0, dwReserved1=0x0, cFileName="VcT_G8cWMIrPoJ51oahf.odp", cAlternateFileName="VCT_G8~1.ODP")) returned 1 [0212.583] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x15f7bbe0, ftCreationTime.dwHighDateTime=0x1d9b3e5, ftLastAccessTime.dwLowDateTime=0xdceca100, ftLastAccessTime.dwHighDateTime=0x1d9b432, ftLastWriteTime.dwLowDateTime=0xdceca100, ftLastWriteTime.dwHighDateTime=0x1d9b432, nFileSizeHigh=0x0, nFileSizeLow=0xb4ff, dwReserved0=0x0, dwReserved1=0x0, cFileName="VcT_G8cWMIrPoJ51oahf.odp", cAlternateFileName="VCT_G8~1.ODP")) returned 0 [0212.583] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0212.583] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0212.583] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0212.584] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0212.584] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\oByX88izFWIaL4", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\oByX88izFWIaL4", lpFilePart=0x0) returned 0x3e [0212.585] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\oByX88izFWIaL4\\*.*" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\obyx88izfwial4\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdf5f0d60, ftCreationTime.dwHighDateTime=0x1d9ac2b, ftLastAccessTime.dwLowDateTime=0xebcdaf63, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x1de74700, ftLastWriteTime.dwHighDateTime=0x1d9acb3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6011e0 [0212.587] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdf5f0d60, ftCreationTime.dwHighDateTime=0x1d9ac2b, ftLastAccessTime.dwLowDateTime=0xebcdaf63, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x1de74700, ftLastWriteTime.dwHighDateTime=0x1d9acb3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.588] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa7fa840, ftCreationTime.dwHighDateTime=0x1d9a9c2, ftLastAccessTime.dwLowDateTime=0xd89766d0, ftLastAccessTime.dwHighDateTime=0x1d9ac12, ftLastWriteTime.dwLowDateTime=0xd89766d0, ftLastWriteTime.dwHighDateTime=0x1d9ac12, nFileSizeHigh=0x0, nFileSizeLow=0x5f06, dwReserved0=0x0, dwReserved1=0x0, cFileName="3p6 ohHYs9-.csv", cAlternateFileName="3P6OHH~1.CSV")) returned 1 [0212.588] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b88fe40, ftCreationTime.dwHighDateTime=0x1d9a6de, ftLastAccessTime.dwLowDateTime=0x1f653050, ftLastAccessTime.dwHighDateTime=0x1d9a985, ftLastWriteTime.dwLowDateTime=0x1f653050, ftLastWriteTime.dwHighDateTime=0x1d9a985, nFileSizeHigh=0x0, nFileSizeLow=0x7927, dwReserved0=0x0, dwReserved1=0x0, cFileName="7AZ xi 6.odp", cAlternateFileName="7AZXI6~1.ODP")) returned 1 [0212.588] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9020c5e0, ftCreationTime.dwHighDateTime=0x1d9ad0c, ftLastAccessTime.dwLowDateTime=0x6c0a9710, ftLastAccessTime.dwHighDateTime=0x1d9b100, ftLastWriteTime.dwLowDateTime=0x6c0a9710, ftLastWriteTime.dwHighDateTime=0x1d9b100, nFileSizeHigh=0x0, nFileSizeLow=0xb322, dwReserved0=0x0, dwReserved1=0x0, cFileName="aucpxM.odt", cAlternateFileName="")) returned 1 [0212.588] FindNextFileW (in: hFindFile=0x6011e0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.588] FindClose (in: hFindFile=0x6011e0 | out: hFindFile=0x6011e0) returned 1 [0212.588] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb18) returned 1 [0212.589] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced68) returned 1 [0212.589] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0212.589] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\oByX88izFWIaL4", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\oByX88izFWIaL4", lpFilePart=0x0) returned 0x3e [0212.590] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\XAdPkF7sUkUXx_LAj0\\oByX88izFWIaL4\\*" (normalized: "c:\\users\\oqxzraykm\\documents\\xadpkf7sukuxx_laj0\\obyx88izfwial4\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdf5f0d60, ftCreationTime.dwHighDateTime=0x1d9ac2b, ftLastAccessTime.dwLowDateTime=0xebcdaf63, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x1de74700, ftLastWriteTime.dwHighDateTime=0x1d9acb3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601900 [0212.590] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdf5f0d60, ftCreationTime.dwHighDateTime=0x1d9ac2b, ftLastAccessTime.dwLowDateTime=0xebcdaf63, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x1de74700, ftLastWriteTime.dwHighDateTime=0x1d9acb3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.590] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa7fa840, ftCreationTime.dwHighDateTime=0x1d9a9c2, ftLastAccessTime.dwLowDateTime=0xd89766d0, ftLastAccessTime.dwHighDateTime=0x1d9ac12, ftLastWriteTime.dwLowDateTime=0xd89766d0, ftLastWriteTime.dwHighDateTime=0x1d9ac12, nFileSizeHigh=0x0, nFileSizeLow=0x5f06, dwReserved0=0x0, dwReserved1=0x0, cFileName="3p6 ohHYs9-.csv", cAlternateFileName="3P6OHH~1.CSV")) returned 1 [0212.590] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b88fe40, ftCreationTime.dwHighDateTime=0x1d9a6de, ftLastAccessTime.dwLowDateTime=0x1f653050, ftLastAccessTime.dwHighDateTime=0x1d9a985, ftLastWriteTime.dwLowDateTime=0x1f653050, ftLastWriteTime.dwHighDateTime=0x1d9a985, nFileSizeHigh=0x0, nFileSizeLow=0x7927, dwReserved0=0x0, dwReserved1=0x0, cFileName="7AZ xi 6.odp", cAlternateFileName="7AZXI6~1.ODP")) returned 1 [0212.590] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9020c5e0, ftCreationTime.dwHighDateTime=0x1d9ad0c, ftLastAccessTime.dwLowDateTime=0x6c0a9710, ftLastAccessTime.dwHighDateTime=0x1d9b100, ftLastWriteTime.dwLowDateTime=0x6c0a9710, ftLastWriteTime.dwHighDateTime=0x1d9b100, nFileSizeHigh=0x0, nFileSizeLow=0xb322, dwReserved0=0x0, dwReserved1=0x0, cFileName="aucpxM.odt", cAlternateFileName="")) returned 1 [0212.591] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9020c5e0, ftCreationTime.dwHighDateTime=0x1d9ad0c, ftLastAccessTime.dwLowDateTime=0x6c0a9710, ftLastAccessTime.dwHighDateTime=0x1d9b100, ftLastWriteTime.dwLowDateTime=0x6c0a9710, ftLastWriteTime.dwHighDateTime=0x1d9b100, nFileSizeHigh=0x0, nFileSizeLow=0xb322, dwReserved0=0x0, dwReserved1=0x0, cFileName="aucpxM.odt", cAlternateFileName="")) returned 0 [0212.591] FindClose (in: hFindFile=0x601900 | out: hFindFile=0x601900) returned 1 [0212.591] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea88) returned 1 [0212.591] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceca8) returned 1 [0212.591] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.591] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Downloads", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Downloads", lpFilePart=0x0) returned 0x1c [0212.592] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Downloads\\*.*" (normalized: "c:\\users\\oqxzraykm\\downloads\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x51e1a3cc, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x51e1a3cc, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6015a0 [0212.592] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x51e1a3cc, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x51e1a3cc, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.592] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x51df41cc, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xab070be, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x51e1a3cc, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.593] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.593] FindClose (in: hFindFile=0x6015a0 | out: hFindFile=0x6015a0) returned 1 [0212.593] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.593] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.593] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.593] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Downloads", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Downloads", lpFilePart=0x0) returned 0x1c [0212.594] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Downloads\\*" (normalized: "c:\\users\\oqxzraykm\\downloads\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x1318d80d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x51e1a3cc, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601060 [0212.594] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x1318d80d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x51e1a3cc, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.594] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x51df41cc, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xab070be, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x51e1a3cc, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.594] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x51df41cc, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xab070be, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x51e1a3cc, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0212.594] FindClose (in: hFindFile=0x601060 | out: hFindFile=0x601060) returned 1 [0212.595] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.595] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.595] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.595] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Favorites", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Favorites", lpFilePart=0x0) returned 0x1c [0212.596] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Favorites\\*.*" (normalized: "c:\\users\\oqxzraykm\\favorites\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x54cf74cf, ftLastAccessTime.dwHighDateTime=0x1d94218, ftLastWriteTime.dwLowDateTime=0x51b45731, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601720 [0212.596] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x54cf74cf, ftLastAccessTime.dwHighDateTime=0x1d94218, ftLastWriteTime.dwLowDateTime=0x51b45731, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.596] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4fc93070, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x4fd9e050, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x4fd9e050, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bing.url", cAlternateFileName="")) returned 1 [0212.596] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x51b45731, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x99745a30, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x51b45731, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.597] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x4edd26d2, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x695e8da0, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x4fdc44c0, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0212.597] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x4edd26d2, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x695e8da0, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x4fdc44c0, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 0 [0212.597] FindClose (in: hFindFile=0x601720 | out: hFindFile=0x601720) returned 1 [0212.597] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.597] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.597] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.597] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Favorites", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Favorites", lpFilePart=0x0) returned 0x1c [0212.598] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Favorites\\*" (normalized: "c:\\users\\oqxzraykm\\favorites\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x1318d80d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x51b45731, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.598] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x1318d80d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x51b45731, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.598] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4fc93070, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x4fd9e050, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x4fd9e050, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bing.url", cAlternateFileName="")) returned 1 [0212.598] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x51b45731, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x99745a30, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x51b45731, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.598] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x4edd26d2, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x695e8da0, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x4fdc44c0, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0212.598] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.599] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0212.599] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.599] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.599] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.599] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Favorites\\Links", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Favorites\\Links", lpFilePart=0x0) returned 0x22 [0212.599] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Favorites\\Links\\*.*" (normalized: "c:\\users\\oqxzraykm\\favorites\\links\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x4edd26d2, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x695e8da0, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x4fdc44c0, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601780 [0212.601] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x4edd26d2, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x695e8da0, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x4fdc44c0, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.601] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x4fdc44c0, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x5101b614, ftLastAccessTime.dwHighDateTime=0x1d94218, ftLastWriteTime.dwLowDateTime=0x4fdc44c0, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.602] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.602] FindClose (in: hFindFile=0x601780 | out: hFindFile=0x601780) returned 1 [0212.602] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0212.602] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0212.602] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.602] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Favorites\\Links", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Favorites\\Links", lpFilePart=0x0) returned 0x22 [0212.602] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Favorites\\Links\\*" (normalized: "c:\\users\\oqxzraykm\\favorites\\links\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x4edd26d2, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x131b39ed, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x4fdc44c0, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601180 [0212.603] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x4edd26d2, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x131b39ed, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x4fdc44c0, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.603] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x4fdc44c0, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x5101b614, ftLastAccessTime.dwHighDateTime=0x1d94218, ftLastWriteTime.dwLowDateTime=0x4fdc44c0, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.603] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x4fdc44c0, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x5101b614, ftLastAccessTime.dwHighDateTime=0x1d94218, ftLastWriteTime.dwLowDateTime=0x4fdc44c0, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0212.603] FindClose (in: hFindFile=0x601180 | out: hFindFile=0x601180) returned 1 [0212.603] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0212.603] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0212.603] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.604] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Links", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Links", lpFilePart=0x0) returned 0x18 [0212.604] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Links\\*.*" (normalized: "c:\\users\\oqxzraykm\\links\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x67b16799, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x523e9d9f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601600 [0212.604] FindNextFileW (in: hFindFile=0x601600, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x67b16799, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x523e9d9f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.604] FindNextFileW (in: hFindFile=0x601600, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x52115137, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x99745a30, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x523e9d9f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.605] FindNextFileW (in: hFindFile=0x601600, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52351544, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x52351544, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x52351544, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0212.605] FindNextFileW (in: hFindFile=0x601600, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x523c3a91, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x523c3a91, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x523c3a91, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x3c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0212.605] FindNextFileW (in: hFindFile=0x601600, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.605] FindClose (in: hFindFile=0x601600 | out: hFindFile=0x601600) returned 1 [0212.605] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.605] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.605] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.605] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Links", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Links", lpFilePart=0x0) returned 0x18 [0212.606] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Links\\*" (normalized: "c:\\users\\oqxzraykm\\links\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x131b39ed, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x523e9d9f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601960 [0212.606] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x131b39ed, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x523e9d9f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.606] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x52115137, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x99745a30, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x523e9d9f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.606] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52351544, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x52351544, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x52351544, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0212.606] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x523c3a91, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x523c3a91, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x523c3a91, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x3c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0212.606] FindNextFileW (in: hFindFile=0x601960, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x523c3a91, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x523c3a91, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x523c3a91, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x3c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 0 [0212.606] FindClose (in: hFindFile=0x601960 | out: hFindFile=0x601960) returned 1 [0212.607] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.607] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.607] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.607] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music", lpFilePart=0x0) returned 0x18 [0212.607] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\*.*" (normalized: "c:\\users\\oqxzraykm\\music\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xdf785702, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2ab6df7e, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601900 [0212.608] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xdf785702, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2ab6df7e, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.608] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x51b91c42, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xdf785702, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x51e1a3cc, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.608] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x607dde50, ftCreationTime.dwHighDateTime=0x1d9ab08, ftLastAccessTime.dwLowDateTime=0xdfd61548, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x387bb120, ftLastWriteTime.dwHighDateTime=0x1d9b292, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fKXZPFzU", cAlternateFileName="")) returned 1 [0212.608] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x631e3b90, ftCreationTime.dwHighDateTime=0x1d9a96f, ftLastAccessTime.dwLowDateTime=0x501476a0, ftLastAccessTime.dwHighDateTime=0x1d9b30f, ftLastWriteTime.dwLowDateTime=0x501476a0, ftLastWriteTime.dwHighDateTime=0x1d9b30f, nFileSizeHigh=0x0, nFileSizeLow=0x11588, dwReserved0=0x0, dwReserved1=0x0, cFileName="hA_COuLnwKLAUF3o.wav", cAlternateFileName="HA_COU~1.WAV")) returned 1 [0212.608] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd75fe2e0, ftCreationTime.dwHighDateTime=0x1d9a7cd, ftLastAccessTime.dwLowDateTime=0x3f2fef80, ftLastAccessTime.dwHighDateTime=0x1d9b397, ftLastWriteTime.dwLowDateTime=0x3f2fef80, ftLastWriteTime.dwHighDateTime=0x1d9b397, nFileSizeHigh=0x0, nFileSizeLow=0x12327, dwReserved0=0x0, dwReserved1=0x0, cFileName="LboyrTrSd29 0vp9.wav", cAlternateFileName="LBOYRT~1.WAV")) returned 1 [0212.610] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x174b2c0, ftCreationTime.dwHighDateTime=0x1d9a960, ftLastAccessTime.dwLowDateTime=0xe8a63190, ftLastAccessTime.dwHighDateTime=0x1d9b023, ftLastWriteTime.dwLowDateTime=0xe8a63190, ftLastWriteTime.dwHighDateTime=0x1d9b023, nFileSizeHigh=0x0, nFileSizeLow=0x115e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="mxJVuVtzW.m4a", cAlternateFileName="MXJVUV~1.M4A")) returned 1 [0212.610] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69cc7fa0, ftCreationTime.dwHighDateTime=0x1d9ae1b, ftLastAccessTime.dwLowDateTime=0xa4d4afb0, ftLastAccessTime.dwHighDateTime=0x1d9b112, ftLastWriteTime.dwLowDateTime=0xa4d4afb0, ftLastWriteTime.dwHighDateTime=0x1d9b112, nFileSizeHigh=0x0, nFileSizeLow=0xda1a, dwReserved0=0x0, dwReserved1=0x0, cFileName="xGenhUSf.wav", cAlternateFileName="")) returned 1 [0212.610] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x653ca0d0, ftCreationTime.dwHighDateTime=0x1d9abb6, ftLastAccessTime.dwLowDateTime=0x2ef432d0, ftLastAccessTime.dwHighDateTime=0x1d9affe, ftLastWriteTime.dwLowDateTime=0x2ef432d0, ftLastWriteTime.dwHighDateTime=0x1d9affe, nFileSizeHigh=0x0, nFileSizeLow=0x15661, dwReserved0=0x0, dwReserved1=0x0, cFileName="zrq_g3Db1WI.m4a", cAlternateFileName="ZRQ_G3~1.M4A")) returned 1 [0212.610] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.610] FindClose (in: hFindFile=0x601900 | out: hFindFile=0x601900) returned 1 [0212.610] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.610] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.611] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.611] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music", lpFilePart=0x0) returned 0x18 [0212.611] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\*" (normalized: "c:\\users\\oqxzraykm\\music\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xdf785702, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2ab6df7e, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0212.611] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xdf785702, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2ab6df7e, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.611] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x51b91c42, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xdf785702, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x51e1a3cc, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.612] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x607dde50, ftCreationTime.dwHighDateTime=0x1d9ab08, ftLastAccessTime.dwLowDateTime=0xdfd61548, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x387bb120, ftLastWriteTime.dwHighDateTime=0x1d9b292, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fKXZPFzU", cAlternateFileName="")) returned 1 [0212.612] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x631e3b90, ftCreationTime.dwHighDateTime=0x1d9a96f, ftLastAccessTime.dwLowDateTime=0x501476a0, ftLastAccessTime.dwHighDateTime=0x1d9b30f, ftLastWriteTime.dwLowDateTime=0x501476a0, ftLastWriteTime.dwHighDateTime=0x1d9b30f, nFileSizeHigh=0x0, nFileSizeLow=0x11588, dwReserved0=0x0, dwReserved1=0x0, cFileName="hA_COuLnwKLAUF3o.wav", cAlternateFileName="HA_COU~1.WAV")) returned 1 [0212.612] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd75fe2e0, ftCreationTime.dwHighDateTime=0x1d9a7cd, ftLastAccessTime.dwLowDateTime=0x3f2fef80, ftLastAccessTime.dwHighDateTime=0x1d9b397, ftLastWriteTime.dwLowDateTime=0x3f2fef80, ftLastWriteTime.dwHighDateTime=0x1d9b397, nFileSizeHigh=0x0, nFileSizeLow=0x12327, dwReserved0=0x0, dwReserved1=0x0, cFileName="LboyrTrSd29 0vp9.wav", cAlternateFileName="LBOYRT~1.WAV")) returned 1 [0212.612] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x174b2c0, ftCreationTime.dwHighDateTime=0x1d9a960, ftLastAccessTime.dwLowDateTime=0xe8a63190, ftLastAccessTime.dwHighDateTime=0x1d9b023, ftLastWriteTime.dwLowDateTime=0xe8a63190, ftLastWriteTime.dwHighDateTime=0x1d9b023, nFileSizeHigh=0x0, nFileSizeLow=0x115e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="mxJVuVtzW.m4a", cAlternateFileName="MXJVUV~1.M4A")) returned 1 [0212.612] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69cc7fa0, ftCreationTime.dwHighDateTime=0x1d9ae1b, ftLastAccessTime.dwLowDateTime=0xa4d4afb0, ftLastAccessTime.dwHighDateTime=0x1d9b112, ftLastWriteTime.dwLowDateTime=0xa4d4afb0, ftLastWriteTime.dwHighDateTime=0x1d9b112, nFileSizeHigh=0x0, nFileSizeLow=0xda1a, dwReserved0=0x0, dwReserved1=0x0, cFileName="xGenhUSf.wav", cAlternateFileName="")) returned 1 [0212.612] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x653ca0d0, ftCreationTime.dwHighDateTime=0x1d9abb6, ftLastAccessTime.dwLowDateTime=0x2ef432d0, ftLastAccessTime.dwHighDateTime=0x1d9affe, ftLastWriteTime.dwLowDateTime=0x2ef432d0, ftLastWriteTime.dwHighDateTime=0x1d9affe, nFileSizeHigh=0x0, nFileSizeLow=0x15661, dwReserved0=0x0, dwReserved1=0x0, cFileName="zrq_g3Db1WI.m4a", cAlternateFileName="ZRQ_G3~1.M4A")) returned 1 [0212.612] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x653ca0d0, ftCreationTime.dwHighDateTime=0x1d9abb6, ftLastAccessTime.dwLowDateTime=0x2ef432d0, ftLastAccessTime.dwHighDateTime=0x1d9affe, ftLastWriteTime.dwLowDateTime=0x2ef432d0, ftLastWriteTime.dwHighDateTime=0x1d9affe, nFileSizeHigh=0x0, nFileSizeLow=0x15661, dwReserved0=0x0, dwReserved1=0x0, cFileName="zrq_g3Db1WI.m4a", cAlternateFileName="ZRQ_G3~1.M4A")) returned 0 [0212.612] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0212.612] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.612] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.613] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.613] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU", lpFilePart=0x0) returned 0x21 [0212.613] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\*.*" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x607dde50, ftCreationTime.dwHighDateTime=0x1d9ab08, ftLastAccessTime.dwLowDateTime=0xdfd61548, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x387bb120, ftLastWriteTime.dwHighDateTime=0x1d9b292, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601000 [0212.613] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x607dde50, ftCreationTime.dwHighDateTime=0x1d9ab08, ftLastAccessTime.dwLowDateTime=0xdfd61548, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x387bb120, ftLastWriteTime.dwHighDateTime=0x1d9b292, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.614] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe457f0c0, ftCreationTime.dwHighDateTime=0x1d9a749, ftLastAccessTime.dwLowDateTime=0xdf785702, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x53abd7c0, ftLastWriteTime.dwHighDateTime=0x1d9b0aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cYW1VXatB-JI8vQr", cAlternateFileName="CYW1VX~1")) returned 1 [0212.614] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7ddaa20, ftCreationTime.dwHighDateTime=0x1d9aeed, ftLastAccessTime.dwLowDateTime=0xa4be3de0, ftLastAccessTime.dwHighDateTime=0x1d9b188, ftLastWriteTime.dwLowDateTime=0xa4be3de0, ftLastWriteTime.dwHighDateTime=0x1d9b188, nFileSizeHigh=0x0, nFileSizeLow=0x45d9, dwReserved0=0x0, dwReserved1=0x0, cFileName="khQW_klzonGAlN.wav", cAlternateFileName="KHQW_K~1.WAV")) returned 1 [0212.614] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x945e98b0, ftCreationTime.dwHighDateTime=0x1d9a9c1, ftLastAccessTime.dwLowDateTime=0xee467c8d, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x4e683050, ftLastWriteTime.dwHighDateTime=0x1d9ac37, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LUnjpDpKTSnQmwR3f6Nd", cAlternateFileName="LUNJPD~1")) returned 1 [0212.614] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x945e98b0, ftCreationTime.dwHighDateTime=0x1d9a9c1, ftLastAccessTime.dwLowDateTime=0xee467c8d, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x4e683050, ftLastWriteTime.dwHighDateTime=0x1d9ac37, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LUnjpDpKTSnQmwR3f6Nd", cAlternateFileName="LUNJPD~1")) returned 0 [0212.614] FindClose (in: hFindFile=0x601000 | out: hFindFile=0x601000) returned 1 [0212.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0212.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0212.614] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.614] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU", lpFilePart=0x0) returned 0x21 [0212.614] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\*" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x607dde50, ftCreationTime.dwHighDateTime=0x1d9ab08, ftLastAccessTime.dwLowDateTime=0xdfd61548, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x387bb120, ftLastWriteTime.dwHighDateTime=0x1d9b292, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601180 [0212.615] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x607dde50, ftCreationTime.dwHighDateTime=0x1d9ab08, ftLastAccessTime.dwLowDateTime=0xdfd61548, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x387bb120, ftLastWriteTime.dwHighDateTime=0x1d9b292, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.615] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe457f0c0, ftCreationTime.dwHighDateTime=0x1d9a749, ftLastAccessTime.dwLowDateTime=0xdf785702, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x53abd7c0, ftLastWriteTime.dwHighDateTime=0x1d9b0aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cYW1VXatB-JI8vQr", cAlternateFileName="CYW1VX~1")) returned 1 [0212.615] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7ddaa20, ftCreationTime.dwHighDateTime=0x1d9aeed, ftLastAccessTime.dwLowDateTime=0xa4be3de0, ftLastAccessTime.dwHighDateTime=0x1d9b188, ftLastWriteTime.dwLowDateTime=0xa4be3de0, ftLastWriteTime.dwHighDateTime=0x1d9b188, nFileSizeHigh=0x0, nFileSizeLow=0x45d9, dwReserved0=0x0, dwReserved1=0x0, cFileName="khQW_klzonGAlN.wav", cAlternateFileName="KHQW_K~1.WAV")) returned 1 [0212.615] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x945e98b0, ftCreationTime.dwHighDateTime=0x1d9a9c1, ftLastAccessTime.dwLowDateTime=0xee467c8d, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x4e683050, ftLastWriteTime.dwHighDateTime=0x1d9ac37, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LUnjpDpKTSnQmwR3f6Nd", cAlternateFileName="LUNJPD~1")) returned 1 [0212.615] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.615] FindClose (in: hFindFile=0x601180 | out: hFindFile=0x601180) returned 1 [0212.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0212.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0212.618] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0212.618] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr", lpFilePart=0x0) returned 0x32 [0212.618] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\*.*" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe457f0c0, ftCreationTime.dwHighDateTime=0x1d9a749, ftLastAccessTime.dwLowDateTime=0xdf785702, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x53abd7c0, ftLastWriteTime.dwHighDateTime=0x1d9b0aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601060 [0212.619] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe457f0c0, ftCreationTime.dwHighDateTime=0x1d9a749, ftLastAccessTime.dwLowDateTime=0xdf785702, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x53abd7c0, ftLastWriteTime.dwHighDateTime=0x1d9b0aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.619] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x89d2180, ftCreationTime.dwHighDateTime=0x1d9b33e, ftLastAccessTime.dwLowDateTime=0xe343d744, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe6b71ad0, ftLastWriteTime.dwHighDateTime=0x1d9b39c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2sJQfwB3SA1-aIl-", cAlternateFileName="2SJQFW~1")) returned 1 [0212.619] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45fd3810, ftCreationTime.dwHighDateTime=0x1d9b534, ftLastAccessTime.dwLowDateTime=0x3ebc7ec3, ftLastAccessTime.dwHighDateTime=0x1d9b560, ftLastWriteTime.dwLowDateTime=0xc2598520, ftLastWriteTime.dwHighDateTime=0x1d9b553, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3HUK6hE8Sxy4S31RG", cAlternateFileName="3HUK6H~1")) returned 1 [0212.619] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e2ac7b0, ftCreationTime.dwHighDateTime=0x1d9b50e, ftLastAccessTime.dwLowDateTime=0xfe967c67, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x761e8f40, ftLastWriteTime.dwHighDateTime=0x1d9b547, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5JVUFsxkO", cAlternateFileName="5JVUFS~1")) returned 1 [0212.619] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ac503b0, ftCreationTime.dwHighDateTime=0x1d9aad7, ftLastAccessTime.dwLowDateTime=0xdf785702, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x8469b940, ftLastWriteTime.dwHighDateTime=0x1d9ae9d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lbLbIV", cAlternateFileName="")) returned 1 [0212.619] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54695390, ftCreationTime.dwHighDateTime=0x1d9a4f2, ftLastAccessTime.dwLowDateTime=0xad39b340, ftLastAccessTime.dwHighDateTime=0x1d9b012, ftLastWriteTime.dwLowDateTime=0xad39b340, ftLastWriteTime.dwHighDateTime=0x1d9b012, nFileSizeHigh=0x0, nFileSizeLow=0x7916, dwReserved0=0x0, dwReserved1=0x0, cFileName="m3usBO7dK87a.mp3", cAlternateFileName="M3USBO~1.MP3")) returned 1 [0212.619] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x461f1f0, ftCreationTime.dwHighDateTime=0x1d9b153, ftLastAccessTime.dwLowDateTime=0x361315c0, ftLastAccessTime.dwHighDateTime=0x1d9b528, ftLastWriteTime.dwLowDateTime=0x361315c0, ftLastWriteTime.dwHighDateTime=0x1d9b528, nFileSizeHigh=0x0, nFileSizeLow=0x17ebd, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZHeoLPlr6M.mp3", cAlternateFileName="ZHEOLP~1.MP3")) returned 1 [0212.619] FindNextFileW (in: hFindFile=0x601060, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.620] FindClose (in: hFindFile=0x601060 | out: hFindFile=0x601060) returned 1 [0212.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb18) returned 1 [0212.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced68) returned 1 [0212.620] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0212.620] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr", lpFilePart=0x0) returned 0x32 [0212.621] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\*" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe457f0c0, ftCreationTime.dwHighDateTime=0x1d9a749, ftLastAccessTime.dwLowDateTime=0xdf785702, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x53abd7c0, ftLastWriteTime.dwHighDateTime=0x1d9b0aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601780 [0212.621] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe457f0c0, ftCreationTime.dwHighDateTime=0x1d9a749, ftLastAccessTime.dwLowDateTime=0xdf785702, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x53abd7c0, ftLastWriteTime.dwHighDateTime=0x1d9b0aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.621] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x89d2180, ftCreationTime.dwHighDateTime=0x1d9b33e, ftLastAccessTime.dwLowDateTime=0xe343d744, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe6b71ad0, ftLastWriteTime.dwHighDateTime=0x1d9b39c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2sJQfwB3SA1-aIl-", cAlternateFileName="2SJQFW~1")) returned 1 [0212.621] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45fd3810, ftCreationTime.dwHighDateTime=0x1d9b534, ftLastAccessTime.dwLowDateTime=0x3ebc7ec3, ftLastAccessTime.dwHighDateTime=0x1d9b560, ftLastWriteTime.dwLowDateTime=0xc2598520, ftLastWriteTime.dwHighDateTime=0x1d9b553, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3HUK6hE8Sxy4S31RG", cAlternateFileName="3HUK6H~1")) returned 1 [0212.621] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e2ac7b0, ftCreationTime.dwHighDateTime=0x1d9b50e, ftLastAccessTime.dwLowDateTime=0xfe967c67, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x761e8f40, ftLastWriteTime.dwHighDateTime=0x1d9b547, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5JVUFsxkO", cAlternateFileName="5JVUFS~1")) returned 1 [0212.621] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ac503b0, ftCreationTime.dwHighDateTime=0x1d9aad7, ftLastAccessTime.dwLowDateTime=0xdf785702, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x8469b940, ftLastWriteTime.dwHighDateTime=0x1d9ae9d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lbLbIV", cAlternateFileName="")) returned 1 [0212.621] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54695390, ftCreationTime.dwHighDateTime=0x1d9a4f2, ftLastAccessTime.dwLowDateTime=0xad39b340, ftLastAccessTime.dwHighDateTime=0x1d9b012, ftLastWriteTime.dwLowDateTime=0xad39b340, ftLastWriteTime.dwHighDateTime=0x1d9b012, nFileSizeHigh=0x0, nFileSizeLow=0x7916, dwReserved0=0x0, dwReserved1=0x0, cFileName="m3usBO7dK87a.mp3", cAlternateFileName="M3USBO~1.MP3")) returned 1 [0212.621] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x461f1f0, ftCreationTime.dwHighDateTime=0x1d9b153, ftLastAccessTime.dwLowDateTime=0x361315c0, ftLastAccessTime.dwHighDateTime=0x1d9b528, ftLastWriteTime.dwLowDateTime=0x361315c0, ftLastWriteTime.dwHighDateTime=0x1d9b528, nFileSizeHigh=0x0, nFileSizeLow=0x17ebd, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZHeoLPlr6M.mp3", cAlternateFileName="ZHEOLP~1.MP3")) returned 1 [0212.622] FindNextFileW (in: hFindFile=0x601780, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x461f1f0, ftCreationTime.dwHighDateTime=0x1d9b153, ftLastAccessTime.dwLowDateTime=0x361315c0, ftLastAccessTime.dwHighDateTime=0x1d9b528, ftLastWriteTime.dwLowDateTime=0x361315c0, ftLastWriteTime.dwHighDateTime=0x1d9b528, nFileSizeHigh=0x0, nFileSizeLow=0x17ebd, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZHeoLPlr6M.mp3", cAlternateFileName="ZHEOLP~1.MP3")) returned 0 [0212.622] FindClose (in: hFindFile=0x601780 | out: hFindFile=0x601780) returned 1 [0212.622] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea88) returned 1 [0212.622] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceca8) returned 1 [0212.624] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.624] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\2sJQfwB3SA1-aIl-", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\2sJQfwB3SA1-aIl-", lpFilePart=0x0) returned 0x43 [0212.624] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\2sJQfwB3SA1-aIl-\\*.*" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\2sjqfwb3sa1-ail-\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x89d2180, ftCreationTime.dwHighDateTime=0x1d9b33e, ftLastAccessTime.dwLowDateTime=0xe343d744, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe6b71ad0, ftLastWriteTime.dwHighDateTime=0x1d9b39c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600ca0 [0212.625] FindNextFileW (in: hFindFile=0x600ca0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x89d2180, ftCreationTime.dwHighDateTime=0x1d9b33e, ftLastAccessTime.dwLowDateTime=0xe343d744, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe6b71ad0, ftLastWriteTime.dwHighDateTime=0x1d9b39c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.625] FindNextFileW (in: hFindFile=0x600ca0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49037f20, ftCreationTime.dwHighDateTime=0x1d9abb0, ftLastAccessTime.dwLowDateTime=0xde4a7b00, ftLastAccessTime.dwHighDateTime=0x1d9b10b, ftLastWriteTime.dwLowDateTime=0xde4a7b00, ftLastWriteTime.dwHighDateTime=0x1d9b10b, nFileSizeHigh=0x0, nFileSizeLow=0x11bff, dwReserved0=0x0, dwReserved1=0x0, cFileName="6Yf_v.mp3", cAlternateFileName="")) returned 1 [0212.625] FindNextFileW (in: hFindFile=0x600ca0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe446ded0, ftCreationTime.dwHighDateTime=0x1d9a8bf, ftLastAccessTime.dwLowDateTime=0x627ca860, ftLastAccessTime.dwHighDateTime=0x1d9b096, ftLastWriteTime.dwLowDateTime=0x627ca860, ftLastWriteTime.dwHighDateTime=0x1d9b096, nFileSizeHigh=0x0, nFileSizeLow=0x67a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BZ_DGmPRYItVa.wav", cAlternateFileName="BZ_DGM~1.WAV")) returned 1 [0212.625] FindNextFileW (in: hFindFile=0x600ca0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d74b810, ftCreationTime.dwHighDateTime=0x1d9ad88, ftLastAccessTime.dwLowDateTime=0x1fa20d0, ftLastAccessTime.dwHighDateTime=0x1d9af7e, ftLastWriteTime.dwLowDateTime=0x1fa20d0, ftLastWriteTime.dwHighDateTime=0x1d9af7e, nFileSizeHigh=0x0, nFileSizeLow=0x78d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="JlmQU.m4a", cAlternateFileName="")) returned 1 [0212.625] FindNextFileW (in: hFindFile=0x600ca0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8c67d80, ftCreationTime.dwHighDateTime=0x1d9b438, ftLastAccessTime.dwLowDateTime=0x2db0e7c0, ftLastAccessTime.dwHighDateTime=0x1d9b4bc, ftLastWriteTime.dwLowDateTime=0x2db0e7c0, ftLastWriteTime.dwHighDateTime=0x1d9b4bc, nFileSizeHigh=0x0, nFileSizeLow=0x113f0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LTrTMHYgSSUmaHpzh.wav", cAlternateFileName="LTRTMH~1.WAV")) returned 1 [0212.625] FindNextFileW (in: hFindFile=0x600ca0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe636210, ftCreationTime.dwHighDateTime=0x1d9ada7, ftLastAccessTime.dwLowDateTime=0x68bb05a0, ftLastAccessTime.dwHighDateTime=0x1d9b0fa, ftLastWriteTime.dwLowDateTime=0x68bb05a0, ftLastWriteTime.dwHighDateTime=0x1d9b0fa, nFileSizeHigh=0x0, nFileSizeLow=0x10a19, dwReserved0=0x0, dwReserved1=0x0, cFileName="UJA.mp3", cAlternateFileName="")) returned 1 [0212.625] FindNextFileW (in: hFindFile=0x600ca0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.625] FindClose (in: hFindFile=0x600ca0 | out: hFindFile=0x600ca0) returned 1 [0212.626] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0212.626] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0212.626] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.626] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\2sJQfwB3SA1-aIl-", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\2sJQfwB3SA1-aIl-", lpFilePart=0x0) returned 0x43 [0212.626] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\2sJQfwB3SA1-aIl-\\*" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\2sjqfwb3sa1-ail-\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x89d2180, ftCreationTime.dwHighDateTime=0x1d9b33e, ftLastAccessTime.dwLowDateTime=0xe343d744, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe6b71ad0, ftLastWriteTime.dwHighDateTime=0x1d9b39c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.627] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x89d2180, ftCreationTime.dwHighDateTime=0x1d9b33e, ftLastAccessTime.dwLowDateTime=0xe343d744, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xe6b71ad0, ftLastWriteTime.dwHighDateTime=0x1d9b39c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.627] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49037f20, ftCreationTime.dwHighDateTime=0x1d9abb0, ftLastAccessTime.dwLowDateTime=0xde4a7b00, ftLastAccessTime.dwHighDateTime=0x1d9b10b, ftLastWriteTime.dwLowDateTime=0xde4a7b00, ftLastWriteTime.dwHighDateTime=0x1d9b10b, nFileSizeHigh=0x0, nFileSizeLow=0x11bff, dwReserved0=0x0, dwReserved1=0x0, cFileName="6Yf_v.mp3", cAlternateFileName="")) returned 1 [0212.627] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe446ded0, ftCreationTime.dwHighDateTime=0x1d9a8bf, ftLastAccessTime.dwLowDateTime=0x627ca860, ftLastAccessTime.dwHighDateTime=0x1d9b096, ftLastWriteTime.dwLowDateTime=0x627ca860, ftLastWriteTime.dwHighDateTime=0x1d9b096, nFileSizeHigh=0x0, nFileSizeLow=0x67a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BZ_DGmPRYItVa.wav", cAlternateFileName="BZ_DGM~1.WAV")) returned 1 [0212.627] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d74b810, ftCreationTime.dwHighDateTime=0x1d9ad88, ftLastAccessTime.dwLowDateTime=0x1fa20d0, ftLastAccessTime.dwHighDateTime=0x1d9af7e, ftLastWriteTime.dwLowDateTime=0x1fa20d0, ftLastWriteTime.dwHighDateTime=0x1d9af7e, nFileSizeHigh=0x0, nFileSizeLow=0x78d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="JlmQU.m4a", cAlternateFileName="")) returned 1 [0212.627] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8c67d80, ftCreationTime.dwHighDateTime=0x1d9b438, ftLastAccessTime.dwLowDateTime=0x2db0e7c0, ftLastAccessTime.dwHighDateTime=0x1d9b4bc, ftLastWriteTime.dwLowDateTime=0x2db0e7c0, ftLastWriteTime.dwHighDateTime=0x1d9b4bc, nFileSizeHigh=0x0, nFileSizeLow=0x113f0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LTrTMHYgSSUmaHpzh.wav", cAlternateFileName="LTRTMH~1.WAV")) returned 1 [0212.627] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe636210, ftCreationTime.dwHighDateTime=0x1d9ada7, ftLastAccessTime.dwLowDateTime=0x68bb05a0, ftLastAccessTime.dwHighDateTime=0x1d9b0fa, ftLastWriteTime.dwLowDateTime=0x68bb05a0, ftLastWriteTime.dwHighDateTime=0x1d9b0fa, nFileSizeHigh=0x0, nFileSizeLow=0x10a19, dwReserved0=0x0, dwReserved1=0x0, cFileName="UJA.mp3", cAlternateFileName="")) returned 1 [0212.627] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe636210, ftCreationTime.dwHighDateTime=0x1d9ada7, ftLastAccessTime.dwLowDateTime=0x68bb05a0, ftLastAccessTime.dwHighDateTime=0x1d9b0fa, ftLastWriteTime.dwLowDateTime=0x68bb05a0, ftLastWriteTime.dwHighDateTime=0x1d9b0fa, nFileSizeHigh=0x0, nFileSizeLow=0x10a19, dwReserved0=0x0, dwReserved1=0x0, cFileName="UJA.mp3", cAlternateFileName="")) returned 0 [0212.627] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0212.627] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0212.628] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0212.628] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.628] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG", lpFilePart=0x0) returned 0x44 [0212.628] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\*.*" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\3huk6he8sxy4s31rg\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45fd3810, ftCreationTime.dwHighDateTime=0x1d9b534, ftLastAccessTime.dwLowDateTime=0x3ebc7ec3, ftLastAccessTime.dwHighDateTime=0x1d9b560, ftLastWriteTime.dwLowDateTime=0xc2598520, ftLastWriteTime.dwHighDateTime=0x1d9b553, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.628] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45fd3810, ftCreationTime.dwHighDateTime=0x1d9b534, ftLastAccessTime.dwLowDateTime=0x3ebc7ec3, ftLastAccessTime.dwHighDateTime=0x1d9b560, ftLastWriteTime.dwLowDateTime=0xc2598520, ftLastWriteTime.dwHighDateTime=0x1d9b553, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.629] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x525d9a20, ftCreationTime.dwHighDateTime=0x1d9b0dc, ftLastAccessTime.dwLowDateTime=0x151462d0, ftLastAccessTime.dwHighDateTime=0x1d9b30b, ftLastWriteTime.dwLowDateTime=0x151462d0, ftLastWriteTime.dwHighDateTime=0x1d9b30b, nFileSizeHigh=0x0, nFileSizeLow=0x3583, dwReserved0=0x0, dwReserved1=0x0, cFileName="5pNZj pp19HMqRG.m4a", cAlternateFileName="5PNZJP~1.M4A")) returned 1 [0212.629] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x527107a0, ftCreationTime.dwHighDateTime=0x1d9ae56, ftLastAccessTime.dwLowDateTime=0x282783a0, ftLastAccessTime.dwHighDateTime=0x1d9af6b, ftLastWriteTime.dwLowDateTime=0x282783a0, ftLastWriteTime.dwHighDateTime=0x1d9af6b, nFileSizeHigh=0x0, nFileSizeLow=0x1025d, dwReserved0=0x0, dwReserved1=0x0, cFileName="AHJ0i7W5XzWYH.mp3", cAlternateFileName="AHJ0I7~1.MP3")) returned 1 [0212.629] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90233cb0, ftCreationTime.dwHighDateTime=0x1d9b187, ftLastAccessTime.dwLowDateTime=0x9bea6cc0, ftLastAccessTime.dwHighDateTime=0x1d9b2a5, ftLastWriteTime.dwLowDateTime=0x9bea6cc0, ftLastWriteTime.dwHighDateTime=0x1d9b2a5, nFileSizeHigh=0x0, nFileSizeLow=0x1291a, dwReserved0=0x0, dwReserved1=0x0, cFileName="aqSJeUJbkGPmNOCdQZeq.m4a", cAlternateFileName="AQSJEU~1.M4A")) returned 1 [0212.629] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4467df0, ftCreationTime.dwHighDateTime=0x1d9b2dc, ftLastAccessTime.dwLowDateTime=0x6da09150, ftLastAccessTime.dwHighDateTime=0x1d9b4da, ftLastWriteTime.dwLowDateTime=0x6da09150, ftLastWriteTime.dwHighDateTime=0x1d9b4da, nFileSizeHigh=0x0, nFileSizeLow=0x11684, dwReserved0=0x0, dwReserved1=0x0, cFileName="D 6wD Llpb3ZUpk.wav", cAlternateFileName="D6WDLL~1.WAV")) returned 1 [0212.629] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb1cf7750, ftCreationTime.dwHighDateTime=0x1d9b07b, ftLastAccessTime.dwLowDateTime=0x34ce1ca0, ftLastAccessTime.dwHighDateTime=0x1d9b249, ftLastWriteTime.dwLowDateTime=0x34ce1ca0, ftLastWriteTime.dwHighDateTime=0x1d9b249, nFileSizeHigh=0x0, nFileSizeLow=0xc49, dwReserved0=0x0, dwReserved1=0x0, cFileName="DYPgyZCU ITe6T.m4a", cAlternateFileName="DYPGYZ~1.M4A")) returned 1 [0212.629] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26b5b070, ftCreationTime.dwHighDateTime=0x1d9ab13, ftLastAccessTime.dwLowDateTime=0xede792a0, ftLastAccessTime.dwHighDateTime=0x1d9b273, ftLastWriteTime.dwLowDateTime=0xede792a0, ftLastWriteTime.dwHighDateTime=0x1d9b273, nFileSizeHigh=0x0, nFileSizeLow=0x3539, dwReserved0=0x0, dwReserved1=0x0, cFileName="GHyWMiA43K.mp3", cAlternateFileName="GHYWMI~1.MP3")) returned 1 [0212.629] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3eb4930, ftCreationTime.dwHighDateTime=0x1d9a7b9, ftLastAccessTime.dwLowDateTime=0xb5d34740, ftLastAccessTime.dwHighDateTime=0x1d9b176, ftLastWriteTime.dwLowDateTime=0xb5d34740, ftLastWriteTime.dwHighDateTime=0x1d9b176, nFileSizeHigh=0x0, nFileSizeLow=0x5b72, dwReserved0=0x0, dwReserved1=0x0, cFileName="kB1RpVPtcBx62ERzezhB.mp3", cAlternateFileName="KB1RPV~1.MP3")) returned 1 [0212.630] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.630] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0212.630] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0212.630] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0212.630] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.630] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG", lpFilePart=0x0) returned 0x44 [0212.631] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\3HUK6hE8Sxy4S31RG\\*" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\3huk6he8sxy4s31rg\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45fd3810, ftCreationTime.dwHighDateTime=0x1d9b534, ftLastAccessTime.dwLowDateTime=0x131d9fa7, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc2598520, ftLastWriteTime.dwHighDateTime=0x1d9b553, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600d60 [0212.631] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45fd3810, ftCreationTime.dwHighDateTime=0x1d9b534, ftLastAccessTime.dwLowDateTime=0x131d9fa7, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc2598520, ftLastWriteTime.dwHighDateTime=0x1d9b553, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.632] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x525d9a20, ftCreationTime.dwHighDateTime=0x1d9b0dc, ftLastAccessTime.dwLowDateTime=0x151462d0, ftLastAccessTime.dwHighDateTime=0x1d9b30b, ftLastWriteTime.dwLowDateTime=0x151462d0, ftLastWriteTime.dwHighDateTime=0x1d9b30b, nFileSizeHigh=0x0, nFileSizeLow=0x3583, dwReserved0=0x0, dwReserved1=0x0, cFileName="5pNZj pp19HMqRG.m4a", cAlternateFileName="5PNZJP~1.M4A")) returned 1 [0212.632] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x527107a0, ftCreationTime.dwHighDateTime=0x1d9ae56, ftLastAccessTime.dwLowDateTime=0x282783a0, ftLastAccessTime.dwHighDateTime=0x1d9af6b, ftLastWriteTime.dwLowDateTime=0x282783a0, ftLastWriteTime.dwHighDateTime=0x1d9af6b, nFileSizeHigh=0x0, nFileSizeLow=0x1025d, dwReserved0=0x0, dwReserved1=0x0, cFileName="AHJ0i7W5XzWYH.mp3", cAlternateFileName="AHJ0I7~1.MP3")) returned 1 [0212.632] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90233cb0, ftCreationTime.dwHighDateTime=0x1d9b187, ftLastAccessTime.dwLowDateTime=0x9bea6cc0, ftLastAccessTime.dwHighDateTime=0x1d9b2a5, ftLastWriteTime.dwLowDateTime=0x9bea6cc0, ftLastWriteTime.dwHighDateTime=0x1d9b2a5, nFileSizeHigh=0x0, nFileSizeLow=0x1291a, dwReserved0=0x0, dwReserved1=0x0, cFileName="aqSJeUJbkGPmNOCdQZeq.m4a", cAlternateFileName="AQSJEU~1.M4A")) returned 1 [0212.632] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4467df0, ftCreationTime.dwHighDateTime=0x1d9b2dc, ftLastAccessTime.dwLowDateTime=0x6da09150, ftLastAccessTime.dwHighDateTime=0x1d9b4da, ftLastWriteTime.dwLowDateTime=0x6da09150, ftLastWriteTime.dwHighDateTime=0x1d9b4da, nFileSizeHigh=0x0, nFileSizeLow=0x11684, dwReserved0=0x0, dwReserved1=0x0, cFileName="D 6wD Llpb3ZUpk.wav", cAlternateFileName="D6WDLL~1.WAV")) returned 1 [0212.632] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb1cf7750, ftCreationTime.dwHighDateTime=0x1d9b07b, ftLastAccessTime.dwLowDateTime=0x34ce1ca0, ftLastAccessTime.dwHighDateTime=0x1d9b249, ftLastWriteTime.dwLowDateTime=0x34ce1ca0, ftLastWriteTime.dwHighDateTime=0x1d9b249, nFileSizeHigh=0x0, nFileSizeLow=0xc49, dwReserved0=0x0, dwReserved1=0x0, cFileName="DYPgyZCU ITe6T.m4a", cAlternateFileName="DYPGYZ~1.M4A")) returned 1 [0212.632] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26b5b070, ftCreationTime.dwHighDateTime=0x1d9ab13, ftLastAccessTime.dwLowDateTime=0xede792a0, ftLastAccessTime.dwHighDateTime=0x1d9b273, ftLastWriteTime.dwLowDateTime=0xede792a0, ftLastWriteTime.dwHighDateTime=0x1d9b273, nFileSizeHigh=0x0, nFileSizeLow=0x3539, dwReserved0=0x0, dwReserved1=0x0, cFileName="GHyWMiA43K.mp3", cAlternateFileName="GHYWMI~1.MP3")) returned 1 [0212.632] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3eb4930, ftCreationTime.dwHighDateTime=0x1d9a7b9, ftLastAccessTime.dwLowDateTime=0xb5d34740, ftLastAccessTime.dwHighDateTime=0x1d9b176, ftLastWriteTime.dwLowDateTime=0xb5d34740, ftLastWriteTime.dwHighDateTime=0x1d9b176, nFileSizeHigh=0x0, nFileSizeLow=0x5b72, dwReserved0=0x0, dwReserved1=0x0, cFileName="kB1RpVPtcBx62ERzezhB.mp3", cAlternateFileName="KB1RPV~1.MP3")) returned 1 [0212.632] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3eb4930, ftCreationTime.dwHighDateTime=0x1d9a7b9, ftLastAccessTime.dwLowDateTime=0xb5d34740, ftLastAccessTime.dwHighDateTime=0x1d9b176, ftLastWriteTime.dwLowDateTime=0xb5d34740, ftLastWriteTime.dwHighDateTime=0x1d9b176, nFileSizeHigh=0x0, nFileSizeLow=0x5b72, dwReserved0=0x0, dwReserved1=0x0, cFileName="kB1RpVPtcBx62ERzezhB.mp3", cAlternateFileName="KB1RPV~1.MP3")) returned 0 [0212.632] FindClose (in: hFindFile=0x600d60 | out: hFindFile=0x600d60) returned 1 [0212.632] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0212.633] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0212.633] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.633] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\5JVUFsxkO", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\5JVUFsxkO", lpFilePart=0x0) returned 0x3c [0212.633] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\5JVUFsxkO\\*.*" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\5jvufsxko\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e2ac7b0, ftCreationTime.dwHighDateTime=0x1d9b50e, ftLastAccessTime.dwLowDateTime=0xfe967c67, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x761e8f40, ftLastWriteTime.dwHighDateTime=0x1d9b547, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601720 [0212.633] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e2ac7b0, ftCreationTime.dwHighDateTime=0x1d9b50e, ftLastAccessTime.dwLowDateTime=0xfe967c67, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x761e8f40, ftLastWriteTime.dwHighDateTime=0x1d9b547, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.633] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0ddb1e0, ftCreationTime.dwHighDateTime=0x1d9af98, ftLastAccessTime.dwLowDateTime=0xeb7d4310, ftLastAccessTime.dwHighDateTime=0x1d9b418, ftLastWriteTime.dwLowDateTime=0xeb7d4310, ftLastWriteTime.dwHighDateTime=0x1d9b418, nFileSizeHigh=0x0, nFileSizeLow=0x3280, dwReserved0=0x0, dwReserved1=0x0, cFileName="9BlmqEieUhzDXnaJyY.m4a", cAlternateFileName="9BLMQE~1.M4A")) returned 1 [0212.633] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x20303e40, ftCreationTime.dwHighDateTime=0x1d9af74, ftLastAccessTime.dwLowDateTime=0x6615b7b0, ftLastAccessTime.dwHighDateTime=0x1d9b1d5, ftLastWriteTime.dwLowDateTime=0x6615b7b0, ftLastWriteTime.dwHighDateTime=0x1d9b1d5, nFileSizeHigh=0x0, nFileSizeLow=0x7dcc, dwReserved0=0x0, dwReserved1=0x0, cFileName="aG-QuQ4httW1c-X.mp3", cAlternateFileName="AG-QUQ~1.MP3")) returned 1 [0212.634] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5aa09b80, ftCreationTime.dwHighDateTime=0x1d9b044, ftLastAccessTime.dwLowDateTime=0x163c76d0, ftLastAccessTime.dwHighDateTime=0x1d9b305, ftLastWriteTime.dwLowDateTime=0x163c76d0, ftLastWriteTime.dwHighDateTime=0x1d9b305, nFileSizeHigh=0x0, nFileSizeLow=0x11e71, dwReserved0=0x0, dwReserved1=0x0, cFileName="P8E8-2zAK3.m4a", cAlternateFileName="P8E8-2~1.M4A")) returned 1 [0212.634] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa11d220, ftCreationTime.dwHighDateTime=0x1d9a558, ftLastAccessTime.dwLowDateTime=0xfa991660, ftLastAccessTime.dwHighDateTime=0x1d9b307, ftLastWriteTime.dwLowDateTime=0xfa991660, ftLastWriteTime.dwHighDateTime=0x1d9b307, nFileSizeHigh=0x0, nFileSizeLow=0xa099, dwReserved0=0x0, dwReserved1=0x0, cFileName="s-nWO.wav", cAlternateFileName="")) returned 1 [0212.634] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfabfcd50, ftCreationTime.dwHighDateTime=0x1d9a687, ftLastAccessTime.dwLowDateTime=0x3d10bd0, ftLastAccessTime.dwHighDateTime=0x1d9b280, ftLastWriteTime.dwLowDateTime=0x3d10bd0, ftLastWriteTime.dwHighDateTime=0x1d9b280, nFileSizeHigh=0x0, nFileSizeLow=0xab40, dwReserved0=0x0, dwReserved1=0x0, cFileName="yBi 9SE89cn9.m4a", cAlternateFileName="YBI9SE~1.M4A")) returned 1 [0212.634] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.634] FindClose (in: hFindFile=0x601720 | out: hFindFile=0x601720) returned 1 [0212.634] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0212.634] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0212.634] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.634] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\5JVUFsxkO", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\5JVUFsxkO", lpFilePart=0x0) returned 0x3c [0212.635] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\5JVUFsxkO\\*" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\5jvufsxko\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e2ac7b0, ftCreationTime.dwHighDateTime=0x1d9b50e, ftLastAccessTime.dwLowDateTime=0xfe967c67, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x761e8f40, ftLastWriteTime.dwHighDateTime=0x1d9b547, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601900 [0212.635] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e2ac7b0, ftCreationTime.dwHighDateTime=0x1d9b50e, ftLastAccessTime.dwLowDateTime=0xfe967c67, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x761e8f40, ftLastWriteTime.dwHighDateTime=0x1d9b547, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.635] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0ddb1e0, ftCreationTime.dwHighDateTime=0x1d9af98, ftLastAccessTime.dwLowDateTime=0xeb7d4310, ftLastAccessTime.dwHighDateTime=0x1d9b418, ftLastWriteTime.dwLowDateTime=0xeb7d4310, ftLastWriteTime.dwHighDateTime=0x1d9b418, nFileSizeHigh=0x0, nFileSizeLow=0x3280, dwReserved0=0x0, dwReserved1=0x0, cFileName="9BlmqEieUhzDXnaJyY.m4a", cAlternateFileName="9BLMQE~1.M4A")) returned 1 [0212.635] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x20303e40, ftCreationTime.dwHighDateTime=0x1d9af74, ftLastAccessTime.dwLowDateTime=0x6615b7b0, ftLastAccessTime.dwHighDateTime=0x1d9b1d5, ftLastWriteTime.dwLowDateTime=0x6615b7b0, ftLastWriteTime.dwHighDateTime=0x1d9b1d5, nFileSizeHigh=0x0, nFileSizeLow=0x7dcc, dwReserved0=0x0, dwReserved1=0x0, cFileName="aG-QuQ4httW1c-X.mp3", cAlternateFileName="AG-QUQ~1.MP3")) returned 1 [0212.635] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5aa09b80, ftCreationTime.dwHighDateTime=0x1d9b044, ftLastAccessTime.dwLowDateTime=0x163c76d0, ftLastAccessTime.dwHighDateTime=0x1d9b305, ftLastWriteTime.dwLowDateTime=0x163c76d0, ftLastWriteTime.dwHighDateTime=0x1d9b305, nFileSizeHigh=0x0, nFileSizeLow=0x11e71, dwReserved0=0x0, dwReserved1=0x0, cFileName="P8E8-2zAK3.m4a", cAlternateFileName="P8E8-2~1.M4A")) returned 1 [0212.635] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa11d220, ftCreationTime.dwHighDateTime=0x1d9a558, ftLastAccessTime.dwLowDateTime=0xfa991660, ftLastAccessTime.dwHighDateTime=0x1d9b307, ftLastWriteTime.dwLowDateTime=0xfa991660, ftLastWriteTime.dwHighDateTime=0x1d9b307, nFileSizeHigh=0x0, nFileSizeLow=0xa099, dwReserved0=0x0, dwReserved1=0x0, cFileName="s-nWO.wav", cAlternateFileName="")) returned 1 [0212.635] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfabfcd50, ftCreationTime.dwHighDateTime=0x1d9a687, ftLastAccessTime.dwLowDateTime=0x3d10bd0, ftLastAccessTime.dwHighDateTime=0x1d9b280, ftLastWriteTime.dwLowDateTime=0x3d10bd0, ftLastWriteTime.dwHighDateTime=0x1d9b280, nFileSizeHigh=0x0, nFileSizeLow=0xab40, dwReserved0=0x0, dwReserved1=0x0, cFileName="yBi 9SE89cn9.m4a", cAlternateFileName="YBI9SE~1.M4A")) returned 1 [0212.635] FindNextFileW (in: hFindFile=0x601900, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfabfcd50, ftCreationTime.dwHighDateTime=0x1d9a687, ftLastAccessTime.dwLowDateTime=0x3d10bd0, ftLastAccessTime.dwHighDateTime=0x1d9b280, ftLastWriteTime.dwLowDateTime=0x3d10bd0, ftLastWriteTime.dwHighDateTime=0x1d9b280, nFileSizeHigh=0x0, nFileSizeLow=0xab40, dwReserved0=0x0, dwReserved1=0x0, cFileName="yBi 9SE89cn9.m4a", cAlternateFileName="YBI9SE~1.M4A")) returned 0 [0212.635] FindClose (in: hFindFile=0x601900 | out: hFindFile=0x601900) returned 1 [0212.635] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0212.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0212.636] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.636] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\lbLbIV", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\lbLbIV", lpFilePart=0x0) returned 0x39 [0212.636] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\lbLbIV\\*.*" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\lblbiv\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ac503b0, ftCreationTime.dwHighDateTime=0x1d9aad7, ftLastAccessTime.dwLowDateTime=0xdf785702, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x8469b940, ftLastWriteTime.dwHighDateTime=0x1d9ae9d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.636] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ac503b0, ftCreationTime.dwHighDateTime=0x1d9aad7, ftLastAccessTime.dwLowDateTime=0xdf785702, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x8469b940, ftLastWriteTime.dwHighDateTime=0x1d9ae9d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.636] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9ae6490, ftCreationTime.dwHighDateTime=0x1d9aca0, ftLastAccessTime.dwLowDateTime=0x88d24b20, ftLastAccessTime.dwHighDateTime=0x1d9b06c, ftLastWriteTime.dwLowDateTime=0x88d24b20, ftLastWriteTime.dwHighDateTime=0x1d9b06c, nFileSizeHigh=0x0, nFileSizeLow=0x16e0e, dwReserved0=0x0, dwReserved1=0x0, cFileName="iC9-.wav", cAlternateFileName="")) returned 1 [0212.636] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x600a9880, ftCreationTime.dwHighDateTime=0x1d9a9a7, ftLastAccessTime.dwLowDateTime=0x89d98940, ftLastAccessTime.dwHighDateTime=0x1d9aebc, ftLastWriteTime.dwLowDateTime=0x89d98940, ftLastWriteTime.dwHighDateTime=0x1d9aebc, nFileSizeHigh=0x0, nFileSizeLow=0x7423, dwReserved0=0x0, dwReserved1=0x0, cFileName="jeXbzGh0ZoCI.wav", cAlternateFileName="JEXBZG~1.WAV")) returned 1 [0212.636] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5aa5e700, ftCreationTime.dwHighDateTime=0x1d9a812, ftLastAccessTime.dwLowDateTime=0x6dd6920, ftLastAccessTime.dwHighDateTime=0x1d9aea9, ftLastWriteTime.dwLowDateTime=0x6dd6920, ftLastWriteTime.dwHighDateTime=0x1d9aea9, nFileSizeHigh=0x0, nFileSizeLow=0xae14, dwReserved0=0x0, dwReserved1=0x0, cFileName="jmTQM.mp3", cAlternateFileName="")) returned 1 [0212.637] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.637] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0212.637] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0212.637] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0212.637] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.637] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\lbLbIV", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\lbLbIV", lpFilePart=0x0) returned 0x39 [0212.638] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\cYW1VXatB-JI8vQr\\lbLbIV\\*" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\cyw1vxatb-ji8vqr\\lblbiv\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ac503b0, ftCreationTime.dwHighDateTime=0x1d9aad7, ftLastAccessTime.dwLowDateTime=0xdf785702, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x8469b940, ftLastWriteTime.dwHighDateTime=0x1d9ae9d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0212.638] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ac503b0, ftCreationTime.dwHighDateTime=0x1d9aad7, ftLastAccessTime.dwLowDateTime=0xdf785702, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x8469b940, ftLastWriteTime.dwHighDateTime=0x1d9ae9d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.638] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9ae6490, ftCreationTime.dwHighDateTime=0x1d9aca0, ftLastAccessTime.dwLowDateTime=0x88d24b20, ftLastAccessTime.dwHighDateTime=0x1d9b06c, ftLastWriteTime.dwLowDateTime=0x88d24b20, ftLastWriteTime.dwHighDateTime=0x1d9b06c, nFileSizeHigh=0x0, nFileSizeLow=0x16e0e, dwReserved0=0x0, dwReserved1=0x0, cFileName="iC9-.wav", cAlternateFileName="")) returned 1 [0212.638] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x600a9880, ftCreationTime.dwHighDateTime=0x1d9a9a7, ftLastAccessTime.dwLowDateTime=0x89d98940, ftLastAccessTime.dwHighDateTime=0x1d9aebc, ftLastWriteTime.dwLowDateTime=0x89d98940, ftLastWriteTime.dwHighDateTime=0x1d9aebc, nFileSizeHigh=0x0, nFileSizeLow=0x7423, dwReserved0=0x0, dwReserved1=0x0, cFileName="jeXbzGh0ZoCI.wav", cAlternateFileName="JEXBZG~1.WAV")) returned 1 [0212.638] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5aa5e700, ftCreationTime.dwHighDateTime=0x1d9a812, ftLastAccessTime.dwLowDateTime=0x6dd6920, ftLastAccessTime.dwHighDateTime=0x1d9aea9, ftLastWriteTime.dwLowDateTime=0x6dd6920, ftLastWriteTime.dwHighDateTime=0x1d9aea9, nFileSizeHigh=0x0, nFileSizeLow=0xae14, dwReserved0=0x0, dwReserved1=0x0, cFileName="jmTQM.mp3", cAlternateFileName="")) returned 1 [0212.638] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5aa5e700, ftCreationTime.dwHighDateTime=0x1d9a812, ftLastAccessTime.dwLowDateTime=0x6dd6920, ftLastAccessTime.dwHighDateTime=0x1d9aea9, ftLastWriteTime.dwLowDateTime=0x6dd6920, ftLastWriteTime.dwHighDateTime=0x1d9aea9, nFileSizeHigh=0x0, nFileSizeLow=0xae14, dwReserved0=0x0, dwReserved1=0x0, cFileName="jmTQM.mp3", cAlternateFileName="")) returned 0 [0212.638] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0212.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0212.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0212.639] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0212.639] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd", lpFilePart=0x0) returned 0x36 [0212.639] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\*.*" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\lunjpdpktsnqmwr3f6nd\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x945e98b0, ftCreationTime.dwHighDateTime=0x1d9a9c1, ftLastAccessTime.dwLowDateTime=0xee467c8d, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x4e683050, ftLastWriteTime.dwHighDateTime=0x1d9ac37, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.639] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x945e98b0, ftCreationTime.dwHighDateTime=0x1d9a9c1, ftLastAccessTime.dwLowDateTime=0xee467c8d, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x4e683050, ftLastWriteTime.dwHighDateTime=0x1d9ac37, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.639] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3776e0d0, ftCreationTime.dwHighDateTime=0x1d9b1cd, ftLastAccessTime.dwLowDateTime=0xf0ddff33, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xb4728d40, ftLastWriteTime.dwHighDateTime=0x1d9b20f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="dvC8ktwxOFj7", cAlternateFileName="DVC8KT~1")) returned 1 [0212.640] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b5674d0, ftCreationTime.dwHighDateTime=0x1d9b4c8, ftLastAccessTime.dwLowDateTime=0x5d9d9890, ftLastAccessTime.dwHighDateTime=0x1d9b50a, ftLastWriteTime.dwLowDateTime=0x5d9d9890, ftLastWriteTime.dwHighDateTime=0x1d9b50a, nFileSizeHigh=0x0, nFileSizeLow=0xe24d, dwReserved0=0x0, dwReserved1=0x0, cFileName="g_p-IrlcFQUkTY.m4a", cAlternateFileName="G_P-IR~1.M4A")) returned 1 [0212.640] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x39567bb0, ftCreationTime.dwHighDateTime=0x1d9b38d, ftLastAccessTime.dwLowDateTime=0xdc568800, ftLastAccessTime.dwHighDateTime=0x1d9b4e1, ftLastWriteTime.dwLowDateTime=0xdc568800, ftLastWriteTime.dwHighDateTime=0x1d9b4e1, nFileSizeHigh=0x0, nFileSizeLow=0x932c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Jx2X9GUgVUSuTh6krwR.mp3", cAlternateFileName="JX2X9G~1.MP3")) returned 1 [0212.640] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x64e603d0, ftCreationTime.dwHighDateTime=0x1d9a9de, ftLastAccessTime.dwLowDateTime=0x3cbdc820, ftLastAccessTime.dwHighDateTime=0x1d9aa01, ftLastWriteTime.dwLowDateTime=0x3cbdc820, ftLastWriteTime.dwHighDateTime=0x1d9aa01, nFileSizeHigh=0x0, nFileSizeLow=0x16f27, dwReserved0=0x0, dwReserved1=0x0, cFileName="QShGGz7.m4a", cAlternateFileName="")) returned 1 [0212.640] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x119bdb30, ftCreationTime.dwHighDateTime=0x1d9ace7, ftLastAccessTime.dwLowDateTime=0xca1faa0, ftLastAccessTime.dwHighDateTime=0x1d9b2bf, ftLastWriteTime.dwLowDateTime=0xca1faa0, ftLastWriteTime.dwHighDateTime=0x1d9b2bf, nFileSizeHigh=0x0, nFileSizeLow=0x165f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="RbcuR6IwC169MePgqx.m4a", cAlternateFileName="RBCUR6~1.M4A")) returned 1 [0212.640] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f5d7e0, ftCreationTime.dwHighDateTime=0x1d9a7be, ftLastAccessTime.dwLowDateTime=0xf851d9c0, ftLastAccessTime.dwHighDateTime=0x1d9b55d, ftLastWriteTime.dwLowDateTime=0xf851d9c0, ftLastWriteTime.dwHighDateTime=0x1d9b55d, nFileSizeHigh=0x0, nFileSizeLow=0x93f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="RYZ5Kw2K S-JSPu.mp3", cAlternateFileName="RYZ5KW~1.MP3")) returned 1 [0212.640] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1da92b00, ftCreationTime.dwHighDateTime=0x1d9a4fc, ftLastAccessTime.dwLowDateTime=0x5b07f600, ftLastAccessTime.dwHighDateTime=0x1d9b4bc, ftLastWriteTime.dwLowDateTime=0x5b07f600, ftLastWriteTime.dwHighDateTime=0x1d9b4bc, nFileSizeHigh=0x0, nFileSizeLow=0x6cbd, dwReserved0=0x0, dwReserved1=0x0, cFileName="tl3dSXVWva88hzOZY88.wav", cAlternateFileName="TL3DSX~1.WAV")) returned 1 [0212.640] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc58d75b0, ftCreationTime.dwHighDateTime=0x1d9ab3c, ftLastAccessTime.dwLowDateTime=0x48c17680, ftLastAccessTime.dwHighDateTime=0x1d9b497, ftLastWriteTime.dwLowDateTime=0x48c17680, ftLastWriteTime.dwHighDateTime=0x1d9b497, nFileSizeHigh=0x0, nFileSizeLow=0x1583d, dwReserved0=0x0, dwReserved1=0x0, cFileName="yfTzi8OZD.mp3", cAlternateFileName="YFTZI8~1.MP3")) returned 1 [0212.640] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.640] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0212.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb18) returned 1 [0212.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced68) returned 1 [0212.640] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0212.641] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd", lpFilePart=0x0) returned 0x36 [0212.641] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\*" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\lunjpdpktsnqmwr3f6nd\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x945e98b0, ftCreationTime.dwHighDateTime=0x1d9a9c1, ftLastAccessTime.dwLowDateTime=0xee467c8d, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x4e683050, ftLastWriteTime.dwHighDateTime=0x1d9ac37, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6016c0 [0212.641] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x945e98b0, ftCreationTime.dwHighDateTime=0x1d9a9c1, ftLastAccessTime.dwLowDateTime=0xee467c8d, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x4e683050, ftLastWriteTime.dwHighDateTime=0x1d9ac37, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.641] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3776e0d0, ftCreationTime.dwHighDateTime=0x1d9b1cd, ftLastAccessTime.dwLowDateTime=0xf0ddff33, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xb4728d40, ftLastWriteTime.dwHighDateTime=0x1d9b20f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="dvC8ktwxOFj7", cAlternateFileName="DVC8KT~1")) returned 1 [0212.641] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b5674d0, ftCreationTime.dwHighDateTime=0x1d9b4c8, ftLastAccessTime.dwLowDateTime=0x5d9d9890, ftLastAccessTime.dwHighDateTime=0x1d9b50a, ftLastWriteTime.dwLowDateTime=0x5d9d9890, ftLastWriteTime.dwHighDateTime=0x1d9b50a, nFileSizeHigh=0x0, nFileSizeLow=0xe24d, dwReserved0=0x0, dwReserved1=0x0, cFileName="g_p-IrlcFQUkTY.m4a", cAlternateFileName="G_P-IR~1.M4A")) returned 1 [0212.641] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x39567bb0, ftCreationTime.dwHighDateTime=0x1d9b38d, ftLastAccessTime.dwLowDateTime=0xdc568800, ftLastAccessTime.dwHighDateTime=0x1d9b4e1, ftLastWriteTime.dwLowDateTime=0xdc568800, ftLastWriteTime.dwHighDateTime=0x1d9b4e1, nFileSizeHigh=0x0, nFileSizeLow=0x932c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Jx2X9GUgVUSuTh6krwR.mp3", cAlternateFileName="JX2X9G~1.MP3")) returned 1 [0212.641] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x64e603d0, ftCreationTime.dwHighDateTime=0x1d9a9de, ftLastAccessTime.dwLowDateTime=0x3cbdc820, ftLastAccessTime.dwHighDateTime=0x1d9aa01, ftLastWriteTime.dwLowDateTime=0x3cbdc820, ftLastWriteTime.dwHighDateTime=0x1d9aa01, nFileSizeHigh=0x0, nFileSizeLow=0x16f27, dwReserved0=0x0, dwReserved1=0x0, cFileName="QShGGz7.m4a", cAlternateFileName="")) returned 1 [0212.642] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x119bdb30, ftCreationTime.dwHighDateTime=0x1d9ace7, ftLastAccessTime.dwLowDateTime=0xca1faa0, ftLastAccessTime.dwHighDateTime=0x1d9b2bf, ftLastWriteTime.dwLowDateTime=0xca1faa0, ftLastWriteTime.dwHighDateTime=0x1d9b2bf, nFileSizeHigh=0x0, nFileSizeLow=0x165f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="RbcuR6IwC169MePgqx.m4a", cAlternateFileName="RBCUR6~1.M4A")) returned 1 [0212.642] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f5d7e0, ftCreationTime.dwHighDateTime=0x1d9a7be, ftLastAccessTime.dwLowDateTime=0xf851d9c0, ftLastAccessTime.dwHighDateTime=0x1d9b55d, ftLastWriteTime.dwLowDateTime=0xf851d9c0, ftLastWriteTime.dwHighDateTime=0x1d9b55d, nFileSizeHigh=0x0, nFileSizeLow=0x93f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="RYZ5Kw2K S-JSPu.mp3", cAlternateFileName="RYZ5KW~1.MP3")) returned 1 [0212.642] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1da92b00, ftCreationTime.dwHighDateTime=0x1d9a4fc, ftLastAccessTime.dwLowDateTime=0x5b07f600, ftLastAccessTime.dwHighDateTime=0x1d9b4bc, ftLastWriteTime.dwLowDateTime=0x5b07f600, ftLastWriteTime.dwHighDateTime=0x1d9b4bc, nFileSizeHigh=0x0, nFileSizeLow=0x6cbd, dwReserved0=0x0, dwReserved1=0x0, cFileName="tl3dSXVWva88hzOZY88.wav", cAlternateFileName="TL3DSX~1.WAV")) returned 1 [0212.642] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc58d75b0, ftCreationTime.dwHighDateTime=0x1d9ab3c, ftLastAccessTime.dwLowDateTime=0x48c17680, ftLastAccessTime.dwHighDateTime=0x1d9b497, ftLastWriteTime.dwLowDateTime=0x48c17680, ftLastWriteTime.dwHighDateTime=0x1d9b497, nFileSizeHigh=0x0, nFileSizeLow=0x1583d, dwReserved0=0x0, dwReserved1=0x0, cFileName="yfTzi8OZD.mp3", cAlternateFileName="YFTZI8~1.MP3")) returned 1 [0212.642] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc58d75b0, ftCreationTime.dwHighDateTime=0x1d9ab3c, ftLastAccessTime.dwLowDateTime=0x48c17680, ftLastAccessTime.dwHighDateTime=0x1d9b497, ftLastWriteTime.dwLowDateTime=0x48c17680, ftLastWriteTime.dwHighDateTime=0x1d9b497, nFileSizeHigh=0x0, nFileSizeLow=0x1583d, dwReserved0=0x0, dwReserved1=0x0, cFileName="yfTzi8OZD.mp3", cAlternateFileName="YFTZI8~1.MP3")) returned 0 [0212.642] FindClose (in: hFindFile=0x6016c0 | out: hFindFile=0x6016c0) returned 1 [0212.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea88) returned 1 [0212.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceca8) returned 1 [0212.642] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.642] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\dvC8ktwxOFj7", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\dvC8ktwxOFj7", lpFilePart=0x0) returned 0x43 [0212.643] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\dvC8ktwxOFj7\\*.*" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\lunjpdpktsnqmwr3f6nd\\dvc8ktwxofj7\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3776e0d0, ftCreationTime.dwHighDateTime=0x1d9b1cd, ftLastAccessTime.dwLowDateTime=0xf0ddff33, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xb4728d40, ftLastWriteTime.dwHighDateTime=0x1d9b20f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6015a0 [0212.643] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3776e0d0, ftCreationTime.dwHighDateTime=0x1d9b1cd, ftLastAccessTime.dwLowDateTime=0xf0ddff33, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xb4728d40, ftLastWriteTime.dwHighDateTime=0x1d9b20f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.643] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2b07480, ftCreationTime.dwHighDateTime=0x1d9a5be, ftLastAccessTime.dwLowDateTime=0x44a34a0, ftLastAccessTime.dwHighDateTime=0x1d9b50b, ftLastWriteTime.dwLowDateTime=0x44a34a0, ftLastWriteTime.dwHighDateTime=0x1d9b50b, nFileSizeHigh=0x0, nFileSizeLow=0x3c82, dwReserved0=0x0, dwReserved1=0x0, cFileName="m1Aqt8kzZJtP_IL.m4a", cAlternateFileName="M1AQT8~1.M4A")) returned 1 [0212.643] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a238120, ftCreationTime.dwHighDateTime=0x1d9a9cd, ftLastAccessTime.dwLowDateTime=0x673f9550, ftLastAccessTime.dwHighDateTime=0x1d9aeee, ftLastWriteTime.dwLowDateTime=0x673f9550, ftLastWriteTime.dwHighDateTime=0x1d9aeee, nFileSizeHigh=0x0, nFileSizeLow=0x1591, dwReserved0=0x0, dwReserved1=0x0, cFileName="m1FI2FSO6c8hj.mp3", cAlternateFileName="M1FI2F~1.MP3")) returned 1 [0212.643] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29d5ad20, ftCreationTime.dwHighDateTime=0x1d9b2be, ftLastAccessTime.dwLowDateTime=0x1321a060, ftLastAccessTime.dwHighDateTime=0x1d9b404, ftLastWriteTime.dwLowDateTime=0x1321a060, ftLastWriteTime.dwHighDateTime=0x1d9b404, nFileSizeHigh=0x0, nFileSizeLow=0xebe7, dwReserved0=0x0, dwReserved1=0x0, cFileName="pha3g17AeuwCIpEM.m4a", cAlternateFileName="PHA3G1~1.M4A")) returned 1 [0212.643] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c5b00b0, ftCreationTime.dwHighDateTime=0x1d9b2b1, ftLastAccessTime.dwLowDateTime=0x7f1dea20, ftLastAccessTime.dwHighDateTime=0x1d9b45f, ftLastWriteTime.dwLowDateTime=0x7f1dea20, ftLastWriteTime.dwHighDateTime=0x1d9b45f, nFileSizeHigh=0x0, nFileSizeLow=0xba7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="v_61Z.m4a", cAlternateFileName="")) returned 1 [0212.644] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd70ab2d0, ftCreationTime.dwHighDateTime=0x1d9ad03, ftLastAccessTime.dwLowDateTime=0x2f25f870, ftLastAccessTime.dwHighDateTime=0x1d9af12, ftLastWriteTime.dwLowDateTime=0x2f25f870, ftLastWriteTime.dwHighDateTime=0x1d9af12, nFileSizeHigh=0x0, nFileSizeLow=0xecbb, dwReserved0=0x0, dwReserved1=0x0, cFileName="_gifywna0ZIoG6X.m4a", cAlternateFileName="_GIFYW~1.M4A")) returned 1 [0212.644] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.644] FindClose (in: hFindFile=0x6015a0 | out: hFindFile=0x6015a0) returned 1 [0212.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0212.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0212.644] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.644] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\dvC8ktwxOFj7", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\dvC8ktwxOFj7", lpFilePart=0x0) returned 0x43 [0212.645] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Music\\fKXZPFzU\\LUnjpDpKTSnQmwR3f6Nd\\dvC8ktwxOFj7\\*" (normalized: "c:\\users\\oqxzraykm\\music\\fkxzpfzu\\lunjpdpktsnqmwr3f6nd\\dvc8ktwxofj7\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3776e0d0, ftCreationTime.dwHighDateTime=0x1d9b1cd, ftLastAccessTime.dwLowDateTime=0xf0ddff33, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xb4728d40, ftLastWriteTime.dwHighDateTime=0x1d9b20f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601a80 [0212.645] FindNextFileW (in: hFindFile=0x601a80, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3776e0d0, ftCreationTime.dwHighDateTime=0x1d9b1cd, ftLastAccessTime.dwLowDateTime=0xf0ddff33, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xb4728d40, ftLastWriteTime.dwHighDateTime=0x1d9b20f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.645] FindNextFileW (in: hFindFile=0x601a80, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2b07480, ftCreationTime.dwHighDateTime=0x1d9a5be, ftLastAccessTime.dwLowDateTime=0x44a34a0, ftLastAccessTime.dwHighDateTime=0x1d9b50b, ftLastWriteTime.dwLowDateTime=0x44a34a0, ftLastWriteTime.dwHighDateTime=0x1d9b50b, nFileSizeHigh=0x0, nFileSizeLow=0x3c82, dwReserved0=0x0, dwReserved1=0x0, cFileName="m1Aqt8kzZJtP_IL.m4a", cAlternateFileName="M1AQT8~1.M4A")) returned 1 [0212.645] FindNextFileW (in: hFindFile=0x601a80, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a238120, ftCreationTime.dwHighDateTime=0x1d9a9cd, ftLastAccessTime.dwLowDateTime=0x673f9550, ftLastAccessTime.dwHighDateTime=0x1d9aeee, ftLastWriteTime.dwLowDateTime=0x673f9550, ftLastWriteTime.dwHighDateTime=0x1d9aeee, nFileSizeHigh=0x0, nFileSizeLow=0x1591, dwReserved0=0x0, dwReserved1=0x0, cFileName="m1FI2FSO6c8hj.mp3", cAlternateFileName="M1FI2F~1.MP3")) returned 1 [0212.645] FindNextFileW (in: hFindFile=0x601a80, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29d5ad20, ftCreationTime.dwHighDateTime=0x1d9b2be, ftLastAccessTime.dwLowDateTime=0x1321a060, ftLastAccessTime.dwHighDateTime=0x1d9b404, ftLastWriteTime.dwLowDateTime=0x1321a060, ftLastWriteTime.dwHighDateTime=0x1d9b404, nFileSizeHigh=0x0, nFileSizeLow=0xebe7, dwReserved0=0x0, dwReserved1=0x0, cFileName="pha3g17AeuwCIpEM.m4a", cAlternateFileName="PHA3G1~1.M4A")) returned 1 [0212.645] FindNextFileW (in: hFindFile=0x601a80, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c5b00b0, ftCreationTime.dwHighDateTime=0x1d9b2b1, ftLastAccessTime.dwLowDateTime=0x7f1dea20, ftLastAccessTime.dwHighDateTime=0x1d9b45f, ftLastWriteTime.dwLowDateTime=0x7f1dea20, ftLastWriteTime.dwHighDateTime=0x1d9b45f, nFileSizeHigh=0x0, nFileSizeLow=0xba7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="v_61Z.m4a", cAlternateFileName="")) returned 1 [0212.645] FindNextFileW (in: hFindFile=0x601a80, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd70ab2d0, ftCreationTime.dwHighDateTime=0x1d9ad03, ftLastAccessTime.dwLowDateTime=0x2f25f870, ftLastAccessTime.dwHighDateTime=0x1d9af12, ftLastWriteTime.dwLowDateTime=0x2f25f870, ftLastWriteTime.dwHighDateTime=0x1d9af12, nFileSizeHigh=0x0, nFileSizeLow=0xecbb, dwReserved0=0x0, dwReserved1=0x0, cFileName="_gifywna0ZIoG6X.m4a", cAlternateFileName="_GIFYW~1.M4A")) returned 1 [0212.646] FindNextFileW (in: hFindFile=0x601a80, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd70ab2d0, ftCreationTime.dwHighDateTime=0x1d9ad03, ftLastAccessTime.dwLowDateTime=0x2f25f870, ftLastAccessTime.dwHighDateTime=0x1d9af12, ftLastWriteTime.dwLowDateTime=0x2f25f870, ftLastWriteTime.dwHighDateTime=0x1d9af12, nFileSizeHigh=0x0, nFileSizeLow=0xecbb, dwReserved0=0x0, dwReserved1=0x0, cFileName="_gifywna0ZIoG6X.m4a", cAlternateFileName="_GIFYW~1.M4A")) returned 0 [0212.646] FindClose (in: hFindFile=0x601a80 | out: hFindFile=0x601a80) returned 1 [0212.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0212.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0212.646] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.646] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\My Documents", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\My Documents", lpFilePart=0x0) returned 0x1f [0212.646] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\My Documents\\*.*" (normalized: "c:\\users\\oqxzraykm\\my documents\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0212.647] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec58) returned 1 [0212.653] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.653] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\NetHood", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\NetHood", lpFilePart=0x0) returned 0x1a [0212.653] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\NetHood\\*.*" (normalized: "c:\\users\\oqxzraykm\\nethood\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0212.654] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec58) returned 1 [0212.662] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.663] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\OneDrive", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\OneDrive", lpFilePart=0x0) returned 0x1b [0212.664] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\OneDrive\\*.*" (normalized: "c:\\users\\oqxzraykm\\onedrive\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xbbb64156, ftCreationTime.dwHighDateTime=0x1d94212, ftLastAccessTime.dwLowDateTime=0x52aba850, ftLastAccessTime.dwHighDateTime=0x1d94217, ftLastWriteTime.dwLowDateTime=0x52aba850, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0212.665] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xbbb64156, ftCreationTime.dwHighDateTime=0x1d94212, ftLastAccessTime.dwLowDateTime=0x52aba850, ftLastAccessTime.dwHighDateTime=0x1d94217, ftLastWriteTime.dwLowDateTime=0x52aba850, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.665] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xbbb64156, ftCreationTime.dwHighDateTime=0x1d94212, ftLastAccessTime.dwLowDateTime=0x52aba850, ftLastAccessTime.dwHighDateTime=0x1d94217, ftLastWriteTime.dwLowDateTime=0x52aba850, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.665] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0212.666] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.666] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.666] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.666] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\OneDrive", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\OneDrive", lpFilePart=0x0) returned 0x1b [0212.667] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\OneDrive\\*" (normalized: "c:\\users\\oqxzraykm\\onedrive\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xbbb64156, ftCreationTime.dwHighDateTime=0x1d94212, ftLastAccessTime.dwLowDateTime=0x1324c708, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x52aba850, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600b80 [0212.667] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xbbb64156, ftCreationTime.dwHighDateTime=0x1d94212, ftLastAccessTime.dwLowDateTime=0x1324c708, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x52aba850, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.668] FindNextFileW (in: hFindFile=0x600b80, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xbbb64156, ftCreationTime.dwHighDateTime=0x1d94212, ftLastAccessTime.dwLowDateTime=0x1324c708, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x52aba850, ftLastWriteTime.dwHighDateTime=0x1d94217, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0212.668] FindClose (in: hFindFile=0x600b80 | out: hFindFile=0x600b80) returned 1 [0212.668] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.668] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.668] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.668] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures", lpFilePart=0x0) returned 0x1b [0212.670] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\*.*" (normalized: "c:\\users\\oqxzraykm\\pictures\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd781e725, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2b0e88aa, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6016c0 [0212.670] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd781e725, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2b0e88aa, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.671] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8e65a30, ftCreationTime.dwHighDateTime=0x1d9ad36, ftLastAccessTime.dwLowDateTime=0xdb5d360, ftLastAccessTime.dwHighDateTime=0x1d9b3b6, ftLastWriteTime.dwLowDateTime=0xdb5d360, ftLastWriteTime.dwHighDateTime=0x1d9b3b6, nFileSizeHigh=0x0, nFileSizeLow=0x14c2b, dwReserved0=0x0, dwReserved1=0x0, cFileName="9bAP9Uzx.jpg", cAlternateFileName="")) returned 1 [0212.671] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa7ac7f40, ftCreationTime.dwHighDateTime=0x1d9ac19, ftLastAccessTime.dwLowDateTime=0xde498df7, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x970897a0, ftLastWriteTime.dwHighDateTime=0x1d9afe3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BlfnUP", cAlternateFileName="")) returned 1 [0212.672] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xf0f7812a, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0xf0f7812a, ftLastAccessTime.dwHighDateTime=0x1d94211, ftLastWriteTime.dwLowDateTime=0xf0f9e3e0, ftLastWriteTime.dwHighDateTime=0x1d94211, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Camera Roll", cAlternateFileName="CAMERA~1")) returned 1 [0212.672] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x51ad30a4, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd781e725, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x51b1f549, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.675] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a8af7b0, ftCreationTime.dwHighDateTime=0x1d9b379, ftLastAccessTime.dwLowDateTime=0xdf94f3f2, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xec35f370, ftLastWriteTime.dwHighDateTime=0x1d9b412, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="gMmQ7sMpVxP4WwXZrp", cAlternateFileName="GMMQ7S~1")) returned 1 [0212.675] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99662b70, ftCreationTime.dwHighDateTime=0x1d9a9a8, ftLastAccessTime.dwLowDateTime=0x3cb31f30, ftLastAccessTime.dwHighDateTime=0x1d9abc1, ftLastWriteTime.dwLowDateTime=0x3cb31f30, ftLastWriteTime.dwHighDateTime=0x1d9abc1, nFileSizeHigh=0x0, nFileSizeLow=0xc5de, dwReserved0=0x0, dwReserved1=0x0, cFileName="PqsS9Gq RHGz.gif", cAlternateFileName="PQSS9G~1.GIF")) returned 1 [0212.680] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe38b6580, ftCreationTime.dwHighDateTime=0x1d9b0ab, ftLastAccessTime.dwLowDateTime=0xd8141e6f, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x184da6b0, ftLastWriteTime.dwHighDateTime=0x1d9b15c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="rFTl6BSzg_", cAlternateFileName="RFTL6B~1")) returned 1 [0212.680] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc31f9b90, ftCreationTime.dwHighDateTime=0x1d9ac50, ftLastAccessTime.dwLowDateTime=0xbef39d0, ftLastAccessTime.dwHighDateTime=0x1d9ac87, ftLastWriteTime.dwLowDateTime=0xbef39d0, ftLastWriteTime.dwHighDateTime=0x1d9ac87, nFileSizeHigh=0x0, nFileSizeLow=0x14a9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="UP8au-zEVP8.gif", cAlternateFileName="UP8AU-~1.GIF")) returned 1 [0212.685] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x33697f90, ftCreationTime.dwHighDateTime=0x1d9a640, ftLastAccessTime.dwLowDateTime=0x10b09390, ftLastAccessTime.dwHighDateTime=0x1d9afd6, ftLastWriteTime.dwLowDateTime=0x10b09390, ftLastWriteTime.dwHighDateTime=0x1d9afd6, nFileSizeHigh=0x0, nFileSizeLow=0x11952, dwReserved0=0x0, dwReserved1=0x0, cFileName="XJlr4B62K0xVJsS jZ.jpg", cAlternateFileName="XJLR4B~1.JPG")) returned 1 [0212.687] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.687] FindClose (in: hFindFile=0x6016c0 | out: hFindFile=0x6016c0) returned 1 [0212.688] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.688] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.688] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.689] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures", lpFilePart=0x0) returned 0x1b [0212.691] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\*" (normalized: "c:\\users\\oqxzraykm\\pictures\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd781e725, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2b0e88aa, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600d60 [0212.691] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd781e725, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2b0e88aa, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.692] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8e65a30, ftCreationTime.dwHighDateTime=0x1d9ad36, ftLastAccessTime.dwLowDateTime=0xdb5d360, ftLastAccessTime.dwHighDateTime=0x1d9b3b6, ftLastWriteTime.dwLowDateTime=0xdb5d360, ftLastWriteTime.dwHighDateTime=0x1d9b3b6, nFileSizeHigh=0x0, nFileSizeLow=0x14c2b, dwReserved0=0x0, dwReserved1=0x0, cFileName="9bAP9Uzx.jpg", cAlternateFileName="")) returned 1 [0212.692] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa7ac7f40, ftCreationTime.dwHighDateTime=0x1d9ac19, ftLastAccessTime.dwLowDateTime=0xde498df7, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x970897a0, ftLastWriteTime.dwHighDateTime=0x1d9afe3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BlfnUP", cAlternateFileName="")) returned 1 [0212.692] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xf0f7812a, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0xf0f7812a, ftLastAccessTime.dwHighDateTime=0x1d94211, ftLastWriteTime.dwLowDateTime=0xf0f9e3e0, ftLastWriteTime.dwHighDateTime=0x1d94211, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Camera Roll", cAlternateFileName="CAMERA~1")) returned 1 [0212.693] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x51ad30a4, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd781e725, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x51b1f549, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.693] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a8af7b0, ftCreationTime.dwHighDateTime=0x1d9b379, ftLastAccessTime.dwLowDateTime=0xdf94f3f2, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xec35f370, ftLastWriteTime.dwHighDateTime=0x1d9b412, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="gMmQ7sMpVxP4WwXZrp", cAlternateFileName="GMMQ7S~1")) returned 1 [0212.693] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99662b70, ftCreationTime.dwHighDateTime=0x1d9a9a8, ftLastAccessTime.dwLowDateTime=0x3cb31f30, ftLastAccessTime.dwHighDateTime=0x1d9abc1, ftLastWriteTime.dwLowDateTime=0x3cb31f30, ftLastWriteTime.dwHighDateTime=0x1d9abc1, nFileSizeHigh=0x0, nFileSizeLow=0xc5de, dwReserved0=0x0, dwReserved1=0x0, cFileName="PqsS9Gq RHGz.gif", cAlternateFileName="PQSS9G~1.GIF")) returned 1 [0212.693] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe38b6580, ftCreationTime.dwHighDateTime=0x1d9b0ab, ftLastAccessTime.dwLowDateTime=0xd8141e6f, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x184da6b0, ftLastWriteTime.dwHighDateTime=0x1d9b15c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="rFTl6BSzg_", cAlternateFileName="RFTL6B~1")) returned 1 [0212.695] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc31f9b90, ftCreationTime.dwHighDateTime=0x1d9ac50, ftLastAccessTime.dwLowDateTime=0xbef39d0, ftLastAccessTime.dwHighDateTime=0x1d9ac87, ftLastWriteTime.dwLowDateTime=0xbef39d0, ftLastWriteTime.dwHighDateTime=0x1d9ac87, nFileSizeHigh=0x0, nFileSizeLow=0x14a9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="UP8au-zEVP8.gif", cAlternateFileName="UP8AU-~1.GIF")) returned 1 [0212.695] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x33697f90, ftCreationTime.dwHighDateTime=0x1d9a640, ftLastAccessTime.dwLowDateTime=0x10b09390, ftLastAccessTime.dwHighDateTime=0x1d9afd6, ftLastWriteTime.dwLowDateTime=0x10b09390, ftLastWriteTime.dwHighDateTime=0x1d9afd6, nFileSizeHigh=0x0, nFileSizeLow=0x11952, dwReserved0=0x0, dwReserved1=0x0, cFileName="XJlr4B62K0xVJsS jZ.jpg", cAlternateFileName="XJLR4B~1.JPG")) returned 1 [0212.695] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x33697f90, ftCreationTime.dwHighDateTime=0x1d9a640, ftLastAccessTime.dwLowDateTime=0x10b09390, ftLastAccessTime.dwHighDateTime=0x1d9afd6, ftLastWriteTime.dwLowDateTime=0x10b09390, ftLastWriteTime.dwHighDateTime=0x1d9afd6, nFileSizeHigh=0x0, nFileSizeLow=0x11952, dwReserved0=0x0, dwReserved1=0x0, cFileName="XJlr4B62K0xVJsS jZ.jpg", cAlternateFileName="XJLR4B~1.JPG")) returned 0 [0212.696] FindClose (in: hFindFile=0x600d60 | out: hFindFile=0x600d60) returned 1 [0212.696] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.696] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.696] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.697] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP", lpFilePart=0x0) returned 0x22 [0212.698] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\*.*" (normalized: "c:\\users\\oqxzraykm\\pictures\\blfnup\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa7ac7f40, ftCreationTime.dwHighDateTime=0x1d9ac19, ftLastAccessTime.dwLowDateTime=0xde498df7, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x970897a0, ftLastWriteTime.dwHighDateTime=0x1d9afe3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601000 [0212.699] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa7ac7f40, ftCreationTime.dwHighDateTime=0x1d9ac19, ftLastAccessTime.dwLowDateTime=0xde498df7, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x970897a0, ftLastWriteTime.dwHighDateTime=0x1d9afe3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.699] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69c2c8f0, ftCreationTime.dwHighDateTime=0x1d9a9b8, ftLastAccessTime.dwLowDateTime=0xeadfdc50, ftLastAccessTime.dwHighDateTime=0x1d9b180, ftLastWriteTime.dwLowDateTime=0xeadfdc50, ftLastWriteTime.dwHighDateTime=0x1d9b180, nFileSizeHigh=0x0, nFileSizeLow=0x4b80, dwReserved0=0x0, dwReserved1=0x0, cFileName="167VqDu0.png", cAlternateFileName="")) returned 1 [0212.700] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf51cfb90, ftCreationTime.dwHighDateTime=0x1d9aa3b, ftLastAccessTime.dwLowDateTime=0x42cc25a0, ftLastAccessTime.dwHighDateTime=0x1d9aa6e, ftLastWriteTime.dwLowDateTime=0x42cc25a0, ftLastWriteTime.dwHighDateTime=0x1d9aa6e, nFileSizeHigh=0x0, nFileSizeLow=0xf1ca, dwReserved0=0x0, dwReserved1=0x0, cFileName="3oUk3Xp.bmp", cAlternateFileName="")) returned 1 [0212.703] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77b6e7b0, ftCreationTime.dwHighDateTime=0x1d9b2c4, ftLastAccessTime.dwLowDateTime=0xc95cb240, ftLastAccessTime.dwHighDateTime=0x1d9b2f4, ftLastWriteTime.dwLowDateTime=0xc95cb240, ftLastWriteTime.dwHighDateTime=0x1d9b2f4, nFileSizeHigh=0x0, nFileSizeLow=0x1765c, dwReserved0=0x0, dwReserved1=0x0, cFileName="aXS6vb.jpg", cAlternateFileName="")) returned 1 [0212.703] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefb1c4a0, ftCreationTime.dwHighDateTime=0x1d9a528, ftLastAccessTime.dwLowDateTime=0xa4fb4500, ftLastAccessTime.dwHighDateTime=0x1d9a652, ftLastWriteTime.dwLowDateTime=0xa4fb4500, ftLastWriteTime.dwHighDateTime=0x1d9a652, nFileSizeHigh=0x0, nFileSizeLow=0xf734, dwReserved0=0x0, dwReserved1=0x0, cFileName="BG-3Ru.bmp", cAlternateFileName="")) returned 1 [0212.705] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1c2f3150, ftCreationTime.dwHighDateTime=0x1d9a882, ftLastAccessTime.dwLowDateTime=0x5ef385a0, ftLastAccessTime.dwHighDateTime=0x1d9ab88, ftLastWriteTime.dwLowDateTime=0x5ef385a0, ftLastWriteTime.dwHighDateTime=0x1d9ab88, nFileSizeHigh=0x0, nFileSizeLow=0x858e, dwReserved0=0x0, dwReserved1=0x0, cFileName="l_tj4.png", cAlternateFileName="")) returned 1 [0212.706] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.707] FindClose (in: hFindFile=0x601000 | out: hFindFile=0x601000) returned 1 [0212.707] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0212.707] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0212.707] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.707] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP", lpFilePart=0x0) returned 0x22 [0212.708] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\BlfnUP\\*" (normalized: "c:\\users\\oqxzraykm\\pictures\\blfnup\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa7ac7f40, ftCreationTime.dwHighDateTime=0x1d9ac19, ftLastAccessTime.dwLowDateTime=0xde498df7, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x970897a0, ftLastWriteTime.dwHighDateTime=0x1d9afe3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601420 [0212.709] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa7ac7f40, ftCreationTime.dwHighDateTime=0x1d9ac19, ftLastAccessTime.dwLowDateTime=0xde498df7, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x970897a0, ftLastWriteTime.dwHighDateTime=0x1d9afe3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.709] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69c2c8f0, ftCreationTime.dwHighDateTime=0x1d9a9b8, ftLastAccessTime.dwLowDateTime=0xeadfdc50, ftLastAccessTime.dwHighDateTime=0x1d9b180, ftLastWriteTime.dwLowDateTime=0xeadfdc50, ftLastWriteTime.dwHighDateTime=0x1d9b180, nFileSizeHigh=0x0, nFileSizeLow=0x4b80, dwReserved0=0x0, dwReserved1=0x0, cFileName="167VqDu0.png", cAlternateFileName="")) returned 1 [0212.709] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf51cfb90, ftCreationTime.dwHighDateTime=0x1d9aa3b, ftLastAccessTime.dwLowDateTime=0x42cc25a0, ftLastAccessTime.dwHighDateTime=0x1d9aa6e, ftLastWriteTime.dwLowDateTime=0x42cc25a0, ftLastWriteTime.dwHighDateTime=0x1d9aa6e, nFileSizeHigh=0x0, nFileSizeLow=0xf1ca, dwReserved0=0x0, dwReserved1=0x0, cFileName="3oUk3Xp.bmp", cAlternateFileName="")) returned 1 [0212.710] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77b6e7b0, ftCreationTime.dwHighDateTime=0x1d9b2c4, ftLastAccessTime.dwLowDateTime=0xc95cb240, ftLastAccessTime.dwHighDateTime=0x1d9b2f4, ftLastWriteTime.dwLowDateTime=0xc95cb240, ftLastWriteTime.dwHighDateTime=0x1d9b2f4, nFileSizeHigh=0x0, nFileSizeLow=0x1765c, dwReserved0=0x0, dwReserved1=0x0, cFileName="aXS6vb.jpg", cAlternateFileName="")) returned 1 [0212.710] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefb1c4a0, ftCreationTime.dwHighDateTime=0x1d9a528, ftLastAccessTime.dwLowDateTime=0xa4fb4500, ftLastAccessTime.dwHighDateTime=0x1d9a652, ftLastWriteTime.dwLowDateTime=0xa4fb4500, ftLastWriteTime.dwHighDateTime=0x1d9a652, nFileSizeHigh=0x0, nFileSizeLow=0xf734, dwReserved0=0x0, dwReserved1=0x0, cFileName="BG-3Ru.bmp", cAlternateFileName="")) returned 1 [0212.710] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1c2f3150, ftCreationTime.dwHighDateTime=0x1d9a882, ftLastAccessTime.dwLowDateTime=0x5ef385a0, ftLastAccessTime.dwHighDateTime=0x1d9ab88, ftLastWriteTime.dwLowDateTime=0x5ef385a0, ftLastWriteTime.dwHighDateTime=0x1d9ab88, nFileSizeHigh=0x0, nFileSizeLow=0x858e, dwReserved0=0x0, dwReserved1=0x0, cFileName="l_tj4.png", cAlternateFileName="")) returned 1 [0212.710] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1c2f3150, ftCreationTime.dwHighDateTime=0x1d9a882, ftLastAccessTime.dwLowDateTime=0x5ef385a0, ftLastAccessTime.dwHighDateTime=0x1d9ab88, ftLastWriteTime.dwLowDateTime=0x5ef385a0, ftLastWriteTime.dwHighDateTime=0x1d9ab88, nFileSizeHigh=0x0, nFileSizeLow=0x858e, dwReserved0=0x0, dwReserved1=0x0, cFileName="l_tj4.png", cAlternateFileName="")) returned 0 [0212.711] FindClose (in: hFindFile=0x601420 | out: hFindFile=0x601420) returned 1 [0212.711] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0212.711] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0212.711] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.711] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\Camera Roll", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\Camera Roll", lpFilePart=0x0) returned 0x27 [0212.712] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\Camera Roll\\*.*" (normalized: "c:\\users\\oqxzraykm\\pictures\\camera roll\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xf0f7812a, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0xf0f7812a, ftLastAccessTime.dwHighDateTime=0x1d94211, ftLastWriteTime.dwLowDateTime=0xf0f9e3e0, ftLastWriteTime.dwHighDateTime=0x1d94211, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601a20 [0212.713] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xf0f7812a, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0xf0f7812a, ftLastAccessTime.dwHighDateTime=0x1d94211, ftLastWriteTime.dwLowDateTime=0xf0f9e3e0, ftLastWriteTime.dwHighDateTime=0x1d94211, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.713] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0xf0f7812a, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0xf0f9e3e0, ftLastAccessTime.dwHighDateTime=0x1d94211, ftLastWriteTime.dwLowDateTime=0xf0f9e3e0, ftLastWriteTime.dwHighDateTime=0x1d94211, nFileSizeHigh=0x0, nFileSizeLow=0xbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.715] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.715] FindClose (in: hFindFile=0x601a20 | out: hFindFile=0x601a20) returned 1 [0212.715] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0212.715] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0212.715] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.715] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\Camera Roll", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\Camera Roll", lpFilePart=0x0) returned 0x27 [0212.717] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\Camera Roll\\*" (normalized: "c:\\users\\oqxzraykm\\pictures\\camera roll\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xf0f7812a, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0x132becd0, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xf0f9e3e0, ftLastWriteTime.dwHighDateTime=0x1d94211, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0212.717] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xf0f7812a, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0x132becd0, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xf0f9e3e0, ftLastWriteTime.dwHighDateTime=0x1d94211, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.717] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0xf0f7812a, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0xf0f9e3e0, ftLastAccessTime.dwHighDateTime=0x1d94211, ftLastWriteTime.dwLowDateTime=0xf0f9e3e0, ftLastWriteTime.dwHighDateTime=0x1d94211, nFileSizeHigh=0x0, nFileSizeLow=0xbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.717] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0xf0f7812a, ftCreationTime.dwHighDateTime=0x1d94211, ftLastAccessTime.dwLowDateTime=0xf0f9e3e0, ftLastAccessTime.dwHighDateTime=0x1d94211, ftLastWriteTime.dwLowDateTime=0xf0f9e3e0, ftLastWriteTime.dwHighDateTime=0x1d94211, nFileSizeHigh=0x0, nFileSizeLow=0xbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0212.718] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0212.718] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0212.718] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0212.718] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.718] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp", lpFilePart=0x0) returned 0x2e [0212.719] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\*.*" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a8af7b0, ftCreationTime.dwHighDateTime=0x1d9b379, ftLastAccessTime.dwLowDateTime=0xdf94f3f2, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xec35f370, ftLastWriteTime.dwHighDateTime=0x1d9b412, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6018a0 [0212.719] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a8af7b0, ftCreationTime.dwHighDateTime=0x1d9b379, ftLastAccessTime.dwLowDateTime=0xdf94f3f2, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xec35f370, ftLastWriteTime.dwHighDateTime=0x1d9b412, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.719] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4a199b0, ftCreationTime.dwHighDateTime=0x1d9a60c, ftLastAccessTime.dwLowDateTime=0xc318e800, ftLastAccessTime.dwHighDateTime=0x1d9b3a7, ftLastWriteTime.dwLowDateTime=0xc318e800, ftLastWriteTime.dwHighDateTime=0x1d9b3a7, nFileSizeHigh=0x0, nFileSizeLow=0x13e1d, dwReserved0=0x0, dwReserved1=0x0, cFileName="6zSAXoBMshJ arRcZrD.png", cAlternateFileName="6ZSAXO~1.PNG")) returned 1 [0212.720] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb841320, ftCreationTime.dwHighDateTime=0x1d9af58, ftLastAccessTime.dwLowDateTime=0x7280d540, ftLastAccessTime.dwHighDateTime=0x1d9b52a, ftLastWriteTime.dwLowDateTime=0x7280d540, ftLastWriteTime.dwHighDateTime=0x1d9b52a, nFileSizeHigh=0x0, nFileSizeLow=0x11d0c, dwReserved0=0x0, dwReserved1=0x0, cFileName="bxOJ-KchVEH.jpg", cAlternateFileName="BXOJ-K~1.JPG")) returned 1 [0212.720] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7363b490, ftCreationTime.dwHighDateTime=0x1d9b0df, ftLastAccessTime.dwLowDateTime=0x70becc00, ftLastAccessTime.dwHighDateTime=0x1d9b28f, ftLastWriteTime.dwLowDateTime=0x70becc00, ftLastWriteTime.dwHighDateTime=0x1d9b28f, nFileSizeHigh=0x0, nFileSizeLow=0xe2d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="fenqGAG3YChp.gif", cAlternateFileName="FENQGA~1.GIF")) returned 1 [0212.720] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe9bac30, ftCreationTime.dwHighDateTime=0x1d9af80, ftLastAccessTime.dwLowDateTime=0x3262f630, ftLastAccessTime.dwHighDateTime=0x1d9b1df, ftLastWriteTime.dwLowDateTime=0x3262f630, ftLastWriteTime.dwHighDateTime=0x1d9b1df, nFileSizeHigh=0x0, nFileSizeLow=0x18a6f, dwReserved0=0x0, dwReserved1=0x0, cFileName="I-byl6.bmp", cAlternateFileName="")) returned 1 [0212.720] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd528ade0, ftCreationTime.dwHighDateTime=0x1d9a949, ftLastAccessTime.dwLowDateTime=0xdbd865b4, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xb8951460, ftLastWriteTime.dwHighDateTime=0x1d9aae9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="mLpk6DQaJ9", cAlternateFileName="MLPK6D~1")) returned 1 [0212.720] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x704c74e0, ftCreationTime.dwHighDateTime=0x1d9aabd, ftLastAccessTime.dwLowDateTime=0xd0248620, ftLastAccessTime.dwHighDateTime=0x1d9afbb, ftLastWriteTime.dwLowDateTime=0xd0248620, ftLastWriteTime.dwHighDateTime=0x1d9afbb, nFileSizeHigh=0x0, nFileSizeLow=0x755a, dwReserved0=0x0, dwReserved1=0x0, cFileName="QCPL9rrlRNtbF01 0.bmp", cAlternateFileName="QCPL9R~1.BMP")) returned 1 [0212.720] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ab51fa0, ftCreationTime.dwHighDateTime=0x1d9b1f2, ftLastAccessTime.dwLowDateTime=0x7dbb8630, ftLastAccessTime.dwHighDateTime=0x1d9b2fa, ftLastWriteTime.dwLowDateTime=0x7dbb8630, ftLastWriteTime.dwHighDateTime=0x1d9b2fa, nFileSizeHigh=0x0, nFileSizeLow=0x16d10, dwReserved0=0x0, dwReserved1=0x0, cFileName="s6LOWfDyf84Fy2ur3.jpg", cAlternateFileName="S6LOWF~1.JPG")) returned 1 [0212.721] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.721] FindClose (in: hFindFile=0x6018a0 | out: hFindFile=0x6018a0) returned 1 [0212.721] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0212.721] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0212.721] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.721] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp", lpFilePart=0x0) returned 0x2e [0212.723] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\*" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a8af7b0, ftCreationTime.dwHighDateTime=0x1d9b379, ftLastAccessTime.dwLowDateTime=0xdf94f3f2, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xec35f370, ftLastWriteTime.dwHighDateTime=0x1d9b412, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6015a0 [0212.723] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a8af7b0, ftCreationTime.dwHighDateTime=0x1d9b379, ftLastAccessTime.dwLowDateTime=0xdf94f3f2, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xec35f370, ftLastWriteTime.dwHighDateTime=0x1d9b412, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.723] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4a199b0, ftCreationTime.dwHighDateTime=0x1d9a60c, ftLastAccessTime.dwLowDateTime=0xc318e800, ftLastAccessTime.dwHighDateTime=0x1d9b3a7, ftLastWriteTime.dwLowDateTime=0xc318e800, ftLastWriteTime.dwHighDateTime=0x1d9b3a7, nFileSizeHigh=0x0, nFileSizeLow=0x13e1d, dwReserved0=0x0, dwReserved1=0x0, cFileName="6zSAXoBMshJ arRcZrD.png", cAlternateFileName="6ZSAXO~1.PNG")) returned 1 [0212.723] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb841320, ftCreationTime.dwHighDateTime=0x1d9af58, ftLastAccessTime.dwLowDateTime=0x7280d540, ftLastAccessTime.dwHighDateTime=0x1d9b52a, ftLastWriteTime.dwLowDateTime=0x7280d540, ftLastWriteTime.dwHighDateTime=0x1d9b52a, nFileSizeHigh=0x0, nFileSizeLow=0x11d0c, dwReserved0=0x0, dwReserved1=0x0, cFileName="bxOJ-KchVEH.jpg", cAlternateFileName="BXOJ-K~1.JPG")) returned 1 [0212.723] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7363b490, ftCreationTime.dwHighDateTime=0x1d9b0df, ftLastAccessTime.dwLowDateTime=0x70becc00, ftLastAccessTime.dwHighDateTime=0x1d9b28f, ftLastWriteTime.dwLowDateTime=0x70becc00, ftLastWriteTime.dwHighDateTime=0x1d9b28f, nFileSizeHigh=0x0, nFileSizeLow=0xe2d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="fenqGAG3YChp.gif", cAlternateFileName="FENQGA~1.GIF")) returned 1 [0212.723] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe9bac30, ftCreationTime.dwHighDateTime=0x1d9af80, ftLastAccessTime.dwLowDateTime=0x3262f630, ftLastAccessTime.dwHighDateTime=0x1d9b1df, ftLastWriteTime.dwLowDateTime=0x3262f630, ftLastWriteTime.dwHighDateTime=0x1d9b1df, nFileSizeHigh=0x0, nFileSizeLow=0x18a6f, dwReserved0=0x0, dwReserved1=0x0, cFileName="I-byl6.bmp", cAlternateFileName="")) returned 1 [0212.723] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd528ade0, ftCreationTime.dwHighDateTime=0x1d9a949, ftLastAccessTime.dwLowDateTime=0xdbd865b4, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xb8951460, ftLastWriteTime.dwHighDateTime=0x1d9aae9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="mLpk6DQaJ9", cAlternateFileName="MLPK6D~1")) returned 1 [0212.723] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x704c74e0, ftCreationTime.dwHighDateTime=0x1d9aabd, ftLastAccessTime.dwLowDateTime=0xd0248620, ftLastAccessTime.dwHighDateTime=0x1d9afbb, ftLastWriteTime.dwLowDateTime=0xd0248620, ftLastWriteTime.dwHighDateTime=0x1d9afbb, nFileSizeHigh=0x0, nFileSizeLow=0x755a, dwReserved0=0x0, dwReserved1=0x0, cFileName="QCPL9rrlRNtbF01 0.bmp", cAlternateFileName="QCPL9R~1.BMP")) returned 1 [0212.724] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ab51fa0, ftCreationTime.dwHighDateTime=0x1d9b1f2, ftLastAccessTime.dwLowDateTime=0x7dbb8630, ftLastAccessTime.dwHighDateTime=0x1d9b2fa, ftLastWriteTime.dwLowDateTime=0x7dbb8630, ftLastWriteTime.dwHighDateTime=0x1d9b2fa, nFileSizeHigh=0x0, nFileSizeLow=0x16d10, dwReserved0=0x0, dwReserved1=0x0, cFileName="s6LOWfDyf84Fy2ur3.jpg", cAlternateFileName="S6LOWF~1.JPG")) returned 1 [0212.724] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ab51fa0, ftCreationTime.dwHighDateTime=0x1d9b1f2, ftLastAccessTime.dwLowDateTime=0x7dbb8630, ftLastAccessTime.dwHighDateTime=0x1d9b2fa, ftLastWriteTime.dwLowDateTime=0x7dbb8630, ftLastWriteTime.dwHighDateTime=0x1d9b2fa, nFileSizeHigh=0x0, nFileSizeLow=0x16d10, dwReserved0=0x0, dwReserved1=0x0, cFileName="s6LOWfDyf84Fy2ur3.jpg", cAlternateFileName="S6LOWF~1.JPG")) returned 0 [0212.724] FindClose (in: hFindFile=0x6015a0 | out: hFindFile=0x6015a0) returned 1 [0212.724] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0212.724] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0212.724] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0212.724] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9", lpFilePart=0x0) returned 0x39 [0212.726] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\*.*" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\*.*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd528ade0, ftCreationTime.dwHighDateTime=0x1d9a949, ftLastAccessTime.dwLowDateTime=0xdbd865b4, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xb8951460, ftLastWriteTime.dwHighDateTime=0x1d9aae9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.727] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd528ade0, ftCreationTime.dwHighDateTime=0x1d9a949, ftLastAccessTime.dwLowDateTime=0xdbd865b4, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xb8951460, ftLastWriteTime.dwHighDateTime=0x1d9aae9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.727] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c9c7c10, ftCreationTime.dwHighDateTime=0x1d9b55a, ftLastAccessTime.dwLowDateTime=0xf94d29b0, ftLastAccessTime.dwHighDateTime=0x1d9b55d, ftLastWriteTime.dwLowDateTime=0xf94d29b0, ftLastWriteTime.dwHighDateTime=0x1d9b55d, nFileSizeHigh=0x0, nFileSizeLow=0x1a72, dwReserved0=0x0, dwReserved1=0x0, cFileName="-5Ui6BLg2cDEZ1aGZI_.gif", cAlternateFileName="-5UI6B~1.GIF")) returned 1 [0212.727] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98272360, ftCreationTime.dwHighDateTime=0x1d9b2ca, ftLastAccessTime.dwLowDateTime=0x54befb20, ftLastAccessTime.dwHighDateTime=0x1d9b43c, ftLastWriteTime.dwLowDateTime=0x54befb20, ftLastWriteTime.dwHighDateTime=0x1d9b43c, nFileSizeHigh=0x0, nFileSizeLow=0x15d86, dwReserved0=0x0, dwReserved1=0x0, cFileName="40MOvGfppj4bDSgoaCIa.png", cAlternateFileName="40MOVG~1.PNG")) returned 1 [0212.727] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb3bb2550, ftCreationTime.dwHighDateTime=0x1d9ad47, ftLastAccessTime.dwLowDateTime=0xe260df16, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x6dd3ebb0, ftLastWriteTime.dwHighDateTime=0x1d9b1cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AI-BTkK-C", cAlternateFileName="AI-BTK~1")) returned 1 [0212.727] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa264aa40, ftCreationTime.dwHighDateTime=0x1d9aba5, ftLastAccessTime.dwLowDateTime=0xbe0db400, ftLastAccessTime.dwHighDateTime=0x1d9ade7, ftLastWriteTime.dwLowDateTime=0xbe0db400, ftLastWriteTime.dwHighDateTime=0x1d9ade7, nFileSizeHigh=0x0, nFileSizeLow=0xeadc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Chkad3-ROtdrHsoCUX.gif", cAlternateFileName="CHKAD3~1.GIF")) returned 1 [0212.728] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x974bf7d0, ftCreationTime.dwHighDateTime=0x1d9a9c5, ftLastAccessTime.dwLowDateTime=0x8f531740, ftLastAccessTime.dwHighDateTime=0x1d9af1d, ftLastWriteTime.dwLowDateTime=0x8f531740, ftLastWriteTime.dwHighDateTime=0x1d9af1d, nFileSizeHigh=0x0, nFileSizeLow=0x917e, dwReserved0=0x0, dwReserved1=0x0, cFileName="F5J9i2mP6f7Fg yEKZw4.gif", cAlternateFileName="F5J9I2~1.GIF")) returned 1 [0212.728] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ac3afb0, ftCreationTime.dwHighDateTime=0x1d9a8aa, ftLastAccessTime.dwLowDateTime=0xe684d070, ftLastAccessTime.dwHighDateTime=0x1d9afdc, ftLastWriteTime.dwLowDateTime=0xe684d070, ftLastWriteTime.dwHighDateTime=0x1d9afdc, nFileSizeHigh=0x0, nFileSizeLow=0x1cb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="ouGe8u.jpg", cAlternateFileName="")) returned 1 [0212.728] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a740460, ftCreationTime.dwHighDateTime=0x1d9a55b, ftLastAccessTime.dwLowDateTime=0xe48cff80, ftLastAccessTime.dwHighDateTime=0x1d9b186, ftLastWriteTime.dwLowDateTime=0xe48cff80, ftLastWriteTime.dwHighDateTime=0x1d9b186, nFileSizeHigh=0x0, nFileSizeLow=0x13db9, dwReserved0=0x0, dwReserved1=0x0, cFileName="qs6pMlaa5Rs-Y.png", cAlternateFileName="QS6PML~1.PNG")) returned 1 [0212.729] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x161b5af0, ftCreationTime.dwHighDateTime=0x1d9af7b, ftLastAccessTime.dwLowDateTime=0x36eabdc0, ftLastAccessTime.dwHighDateTime=0x1d9b38b, ftLastWriteTime.dwLowDateTime=0x36eabdc0, ftLastWriteTime.dwHighDateTime=0x1d9b38b, nFileSizeHigh=0x0, nFileSizeLow=0x16e69, dwReserved0=0x0, dwReserved1=0x0, cFileName="s2-K8n6SGy6b44.png", cAlternateFileName="S2-K8N~1.PNG")) returned 1 [0212.729] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa86dede0, ftCreationTime.dwHighDateTime=0x1d9b1d4, ftLastAccessTime.dwLowDateTime=0x18e4fa20, ftLastAccessTime.dwHighDateTime=0x1d9b3cc, ftLastWriteTime.dwLowDateTime=0x18e4fa20, ftLastWriteTime.dwHighDateTime=0x1d9b3cc, nFileSizeHigh=0x0, nFileSizeLow=0xeb8f, dwReserved0=0x0, dwReserved1=0x0, cFileName="u7sDs2LZ.jpg", cAlternateFileName="")) returned 1 [0212.729] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcebf0 | out: lpFindFileData=0x1abcebf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.729] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0212.729] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb18) returned 1 [0212.730] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced68) returned 1 [0212.730] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abced88) returned 1 [0212.730] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9", nBufferLength=0x105, lpBuffer=0x1abce830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9", lpFilePart=0x0) returned 0x39 [0212.731] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\*" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\*"), lpFindFileData=0x1abceb30 | out: lpFindFileData=0x1abceb30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd528ade0, ftCreationTime.dwHighDateTime=0x1d9a949, ftLastAccessTime.dwLowDateTime=0xdbd865b4, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xb8951460, ftLastWriteTime.dwHighDateTime=0x1d9aae9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601360 [0212.731] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd528ade0, ftCreationTime.dwHighDateTime=0x1d9a949, ftLastAccessTime.dwLowDateTime=0xdbd865b4, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xb8951460, ftLastWriteTime.dwHighDateTime=0x1d9aae9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.731] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c9c7c10, ftCreationTime.dwHighDateTime=0x1d9b55a, ftLastAccessTime.dwLowDateTime=0xf94d29b0, ftLastAccessTime.dwHighDateTime=0x1d9b55d, ftLastWriteTime.dwLowDateTime=0xf94d29b0, ftLastWriteTime.dwHighDateTime=0x1d9b55d, nFileSizeHigh=0x0, nFileSizeLow=0x1a72, dwReserved0=0x0, dwReserved1=0x0, cFileName="-5Ui6BLg2cDEZ1aGZI_.gif", cAlternateFileName="-5UI6B~1.GIF")) returned 1 [0212.731] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98272360, ftCreationTime.dwHighDateTime=0x1d9b2ca, ftLastAccessTime.dwLowDateTime=0x54befb20, ftLastAccessTime.dwHighDateTime=0x1d9b43c, ftLastWriteTime.dwLowDateTime=0x54befb20, ftLastWriteTime.dwHighDateTime=0x1d9b43c, nFileSizeHigh=0x0, nFileSizeLow=0x15d86, dwReserved0=0x0, dwReserved1=0x0, cFileName="40MOvGfppj4bDSgoaCIa.png", cAlternateFileName="40MOVG~1.PNG")) returned 1 [0212.731] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb3bb2550, ftCreationTime.dwHighDateTime=0x1d9ad47, ftLastAccessTime.dwLowDateTime=0xe260df16, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x6dd3ebb0, ftLastWriteTime.dwHighDateTime=0x1d9b1cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AI-BTkK-C", cAlternateFileName="AI-BTK~1")) returned 1 [0212.732] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa264aa40, ftCreationTime.dwHighDateTime=0x1d9aba5, ftLastAccessTime.dwLowDateTime=0xbe0db400, ftLastAccessTime.dwHighDateTime=0x1d9ade7, ftLastWriteTime.dwLowDateTime=0xbe0db400, ftLastWriteTime.dwHighDateTime=0x1d9ade7, nFileSizeHigh=0x0, nFileSizeLow=0xeadc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Chkad3-ROtdrHsoCUX.gif", cAlternateFileName="CHKAD3~1.GIF")) returned 1 [0212.732] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x974bf7d0, ftCreationTime.dwHighDateTime=0x1d9a9c5, ftLastAccessTime.dwLowDateTime=0x8f531740, ftLastAccessTime.dwHighDateTime=0x1d9af1d, ftLastWriteTime.dwLowDateTime=0x8f531740, ftLastWriteTime.dwHighDateTime=0x1d9af1d, nFileSizeHigh=0x0, nFileSizeLow=0x917e, dwReserved0=0x0, dwReserved1=0x0, cFileName="F5J9i2mP6f7Fg yEKZw4.gif", cAlternateFileName="F5J9I2~1.GIF")) returned 1 [0212.732] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ac3afb0, ftCreationTime.dwHighDateTime=0x1d9a8aa, ftLastAccessTime.dwLowDateTime=0xe684d070, ftLastAccessTime.dwHighDateTime=0x1d9afdc, ftLastWriteTime.dwLowDateTime=0xe684d070, ftLastWriteTime.dwHighDateTime=0x1d9afdc, nFileSizeHigh=0x0, nFileSizeLow=0x1cb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="ouGe8u.jpg", cAlternateFileName="")) returned 1 [0212.732] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a740460, ftCreationTime.dwHighDateTime=0x1d9a55b, ftLastAccessTime.dwLowDateTime=0xe48cff80, ftLastAccessTime.dwHighDateTime=0x1d9b186, ftLastWriteTime.dwLowDateTime=0xe48cff80, ftLastWriteTime.dwHighDateTime=0x1d9b186, nFileSizeHigh=0x0, nFileSizeLow=0x13db9, dwReserved0=0x0, dwReserved1=0x0, cFileName="qs6pMlaa5Rs-Y.png", cAlternateFileName="QS6PML~1.PNG")) returned 1 [0212.732] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x161b5af0, ftCreationTime.dwHighDateTime=0x1d9af7b, ftLastAccessTime.dwLowDateTime=0x36eabdc0, ftLastAccessTime.dwHighDateTime=0x1d9b38b, ftLastWriteTime.dwLowDateTime=0x36eabdc0, ftLastWriteTime.dwHighDateTime=0x1d9b38b, nFileSizeHigh=0x0, nFileSizeLow=0x16e69, dwReserved0=0x0, dwReserved1=0x0, cFileName="s2-K8n6SGy6b44.png", cAlternateFileName="S2-K8N~1.PNG")) returned 1 [0212.732] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa86dede0, ftCreationTime.dwHighDateTime=0x1d9b1d4, ftLastAccessTime.dwLowDateTime=0x18e4fa20, ftLastAccessTime.dwHighDateTime=0x1d9b3cc, ftLastWriteTime.dwLowDateTime=0x18e4fa20, ftLastWriteTime.dwHighDateTime=0x1d9b3cc, nFileSizeHigh=0x0, nFileSizeLow=0xeb8f, dwReserved0=0x0, dwReserved1=0x0, cFileName="u7sDs2LZ.jpg", cAlternateFileName="")) returned 1 [0212.732] FindNextFileW (in: hFindFile=0x601360, lpFindFileData=0x1abceb60 | out: lpFindFileData=0x1abceb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa86dede0, ftCreationTime.dwHighDateTime=0x1d9b1d4, ftLastAccessTime.dwLowDateTime=0x18e4fa20, ftLastAccessTime.dwHighDateTime=0x1d9b3cc, ftLastWriteTime.dwLowDateTime=0x18e4fa20, ftLastWriteTime.dwHighDateTime=0x1d9b3cc, nFileSizeHigh=0x0, nFileSizeLow=0xeb8f, dwReserved0=0x0, dwReserved1=0x0, cFileName="u7sDs2LZ.jpg", cAlternateFileName="")) returned 0 [0212.732] FindClose (in: hFindFile=0x601360 | out: hFindFile=0x601360) returned 1 [0212.733] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea88) returned 1 [0212.733] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceca8) returned 1 [0212.733] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.733] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C", lpFilePart=0x0) returned 0x43 [0212.734] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\*.*" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\*.*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb3bb2550, ftCreationTime.dwHighDateTime=0x1d9ad47, ftLastAccessTime.dwLowDateTime=0xe260df16, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x6dd3ebb0, ftLastWriteTime.dwHighDateTime=0x1d9b1cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6012a0 [0212.734] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb3bb2550, ftCreationTime.dwHighDateTime=0x1d9ad47, ftLastAccessTime.dwLowDateTime=0xe260df16, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x6dd3ebb0, ftLastWriteTime.dwHighDateTime=0x1d9b1cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.734] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f1235b0, ftCreationTime.dwHighDateTime=0x1d9b409, ftLastAccessTime.dwLowDateTime=0x19cfd90, ftLastAccessTime.dwHighDateTime=0x1d9b41c, ftLastWriteTime.dwLowDateTime=0x19cfd90, ftLastWriteTime.dwHighDateTime=0x1d9b41c, nFileSizeHigh=0x0, nFileSizeLow=0xea9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="3mZ1.png", cAlternateFileName="")) returned 1 [0212.735] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecb6e10, ftCreationTime.dwHighDateTime=0x1d9a6fd, ftLastAccessTime.dwLowDateTime=0xe7b9e4b0, ftLastAccessTime.dwHighDateTime=0x1d9b042, ftLastWriteTime.dwLowDateTime=0xe7b9e4b0, ftLastWriteTime.dwHighDateTime=0x1d9b042, nFileSizeHigh=0x0, nFileSizeLow=0x9f4e, dwReserved0=0x0, dwReserved1=0x0, cFileName="4JVJiWmKgWLlh.jpg", cAlternateFileName="4JVJIW~1.JPG")) returned 1 [0212.735] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x113555d0, ftCreationTime.dwHighDateTime=0x1d9a784, ftLastAccessTime.dwLowDateTime=0x7dafa2f0, ftLastAccessTime.dwHighDateTime=0x1d9ab31, ftLastWriteTime.dwLowDateTime=0x7dafa2f0, ftLastWriteTime.dwHighDateTime=0x1d9ab31, nFileSizeHigh=0x0, nFileSizeLow=0x18f9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="ikU4Z6NJTIS4CI7XUt.png", cAlternateFileName="IKU4Z6~1.PNG")) returned 1 [0212.735] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb5183f0, ftCreationTime.dwHighDateTime=0x1d9b0b0, ftLastAccessTime.dwLowDateTime=0xe27fdc41, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x45e92b0, ftLastWriteTime.dwHighDateTime=0x1d9b268, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="J7Kz7aXvYKxh-WWyGI", cAlternateFileName="J7KZ7A~1")) returned 1 [0212.735] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c20bcd0, ftCreationTime.dwHighDateTime=0x1d9adb4, ftLastAccessTime.dwLowDateTime=0x2669f260, ftLastAccessTime.dwHighDateTime=0x1d9b15e, ftLastWriteTime.dwLowDateTime=0x2669f260, ftLastWriteTime.dwHighDateTime=0x1d9b15e, nFileSizeHigh=0x0, nFileSizeLow=0xfc04, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wy7xkGTjTM8mqiSz.jpg", cAlternateFileName="WY7XKG~1.JPG")) returned 1 [0212.735] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdcb97610, ftCreationTime.dwHighDateTime=0x1d9ad6e, ftLastAccessTime.dwLowDateTime=0x7858a1c0, ftLastAccessTime.dwHighDateTime=0x1d9ade9, ftLastWriteTime.dwLowDateTime=0x7858a1c0, ftLastWriteTime.dwHighDateTime=0x1d9ade9, nFileSizeHigh=0x0, nFileSizeLow=0x141bf, dwReserved0=0x0, dwReserved1=0x0, cFileName="_BTL8MHlXibeA v6.jpg", cAlternateFileName="_BTL8M~1.JPG")) returned 1 [0212.735] FindNextFileW (in: hFindFile=0x6012a0, lpFindFileData=0x1abceaf0 | out: lpFindFileData=0x1abceaf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.736] FindClose (in: hFindFile=0x6012a0 | out: hFindFile=0x6012a0) returned 1 [0212.736] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcea18) returned 1 [0212.736] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec68) returned 1 [0212.736] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcec88) returned 1 [0212.736] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C", nBufferLength=0x105, lpBuffer=0x1abce730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C", lpFilePart=0x0) returned 0x43 [0212.737] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\*" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\*"), lpFindFileData=0x1abcea30 | out: lpFindFileData=0x1abcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb3bb2550, ftCreationTime.dwHighDateTime=0x1d9ad47, ftLastAccessTime.dwLowDateTime=0xe260df16, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x6dd3ebb0, ftLastWriteTime.dwHighDateTime=0x1d9b1cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6018a0 [0212.737] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb3bb2550, ftCreationTime.dwHighDateTime=0x1d9ad47, ftLastAccessTime.dwLowDateTime=0xe260df16, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x6dd3ebb0, ftLastWriteTime.dwHighDateTime=0x1d9b1cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.737] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f1235b0, ftCreationTime.dwHighDateTime=0x1d9b409, ftLastAccessTime.dwLowDateTime=0x19cfd90, ftLastAccessTime.dwHighDateTime=0x1d9b41c, ftLastWriteTime.dwLowDateTime=0x19cfd90, ftLastWriteTime.dwHighDateTime=0x1d9b41c, nFileSizeHigh=0x0, nFileSizeLow=0xea9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="3mZ1.png", cAlternateFileName="")) returned 1 [0212.738] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecb6e10, ftCreationTime.dwHighDateTime=0x1d9a6fd, ftLastAccessTime.dwLowDateTime=0xe7b9e4b0, ftLastAccessTime.dwHighDateTime=0x1d9b042, ftLastWriteTime.dwLowDateTime=0xe7b9e4b0, ftLastWriteTime.dwHighDateTime=0x1d9b042, nFileSizeHigh=0x0, nFileSizeLow=0x9f4e, dwReserved0=0x0, dwReserved1=0x0, cFileName="4JVJiWmKgWLlh.jpg", cAlternateFileName="4JVJIW~1.JPG")) returned 1 [0212.738] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x113555d0, ftCreationTime.dwHighDateTime=0x1d9a784, ftLastAccessTime.dwLowDateTime=0x7dafa2f0, ftLastAccessTime.dwHighDateTime=0x1d9ab31, ftLastWriteTime.dwLowDateTime=0x7dafa2f0, ftLastWriteTime.dwHighDateTime=0x1d9ab31, nFileSizeHigh=0x0, nFileSizeLow=0x18f9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="ikU4Z6NJTIS4CI7XUt.png", cAlternateFileName="IKU4Z6~1.PNG")) returned 1 [0212.738] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb5183f0, ftCreationTime.dwHighDateTime=0x1d9b0b0, ftLastAccessTime.dwLowDateTime=0xe27fdc41, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x45e92b0, ftLastWriteTime.dwHighDateTime=0x1d9b268, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="J7Kz7aXvYKxh-WWyGI", cAlternateFileName="J7KZ7A~1")) returned 1 [0212.738] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c20bcd0, ftCreationTime.dwHighDateTime=0x1d9adb4, ftLastAccessTime.dwLowDateTime=0x2669f260, ftLastAccessTime.dwHighDateTime=0x1d9b15e, ftLastWriteTime.dwLowDateTime=0x2669f260, ftLastWriteTime.dwHighDateTime=0x1d9b15e, nFileSizeHigh=0x0, nFileSizeLow=0xfc04, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wy7xkGTjTM8mqiSz.jpg", cAlternateFileName="WY7XKG~1.JPG")) returned 1 [0212.738] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdcb97610, ftCreationTime.dwHighDateTime=0x1d9ad6e, ftLastAccessTime.dwLowDateTime=0x7858a1c0, ftLastAccessTime.dwHighDateTime=0x1d9ade9, ftLastWriteTime.dwLowDateTime=0x7858a1c0, ftLastWriteTime.dwHighDateTime=0x1d9ade9, nFileSizeHigh=0x0, nFileSizeLow=0x141bf, dwReserved0=0x0, dwReserved1=0x0, cFileName="_BTL8MHlXibeA v6.jpg", cAlternateFileName="_BTL8M~1.JPG")) returned 1 [0212.738] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcea60 | out: lpFindFileData=0x1abcea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdcb97610, ftCreationTime.dwHighDateTime=0x1d9ad6e, ftLastAccessTime.dwLowDateTime=0x7858a1c0, ftLastAccessTime.dwHighDateTime=0x1d9ade9, ftLastWriteTime.dwLowDateTime=0x7858a1c0, ftLastWriteTime.dwHighDateTime=0x1d9ade9, nFileSizeHigh=0x0, nFileSizeLow=0x141bf, dwReserved0=0x0, dwReserved1=0x0, cFileName="_BTL8MHlXibeA v6.jpg", cAlternateFileName="_BTL8M~1.JPG")) returned 0 [0212.738] FindClose (in: hFindFile=0x6018a0 | out: hFindFile=0x6018a0) returned 1 [0212.738] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce988) returned 1 [0212.739] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceba8) returned 1 [0212.739] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.739] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI", nBufferLength=0x105, lpBuffer=0x1abce630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI", lpFilePart=0x0) returned 0x56 [0212.740] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\*.*" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\j7kz7axvykxh-wwygi\\*.*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb5183f0, ftCreationTime.dwHighDateTime=0x1d9b0b0, ftLastAccessTime.dwLowDateTime=0xe27fdc41, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x45e92b0, ftLastWriteTime.dwHighDateTime=0x1d9b268, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601720 [0212.745] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb5183f0, ftCreationTime.dwHighDateTime=0x1d9b0b0, ftLastAccessTime.dwLowDateTime=0xe27fdc41, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x45e92b0, ftLastWriteTime.dwHighDateTime=0x1d9b268, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.745] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c582090, ftCreationTime.dwHighDateTime=0x1d9a74b, ftLastAccessTime.dwLowDateTime=0xde011a40, ftLastAccessTime.dwHighDateTime=0x1d9ad0b, ftLastWriteTime.dwLowDateTime=0xde011a40, ftLastWriteTime.dwHighDateTime=0x1d9ad0b, nFileSizeHigh=0x0, nFileSizeLow=0x122c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="CNhSRq_988nVmcAoKs I.bmp", cAlternateFileName="CNHSRQ~1.BMP")) returned 1 [0212.745] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe7143dc0, ftCreationTime.dwHighDateTime=0x1d9adf0, ftLastAccessTime.dwLowDateTime=0xbf487150, ftLastAccessTime.dwHighDateTime=0x1d9b131, ftLastWriteTime.dwLowDateTime=0xbf487150, ftLastWriteTime.dwHighDateTime=0x1d9b131, nFileSizeHigh=0x0, nFileSizeLow=0x6be1, dwReserved0=0x0, dwReserved1=0x0, cFileName="goujVTDJ1s18.jpg", cAlternateFileName="GOUJVT~1.JPG")) returned 1 [0212.745] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce18f9d0, ftCreationTime.dwHighDateTime=0x1d9a988, ftLastAccessTime.dwLowDateTime=0xd6c399f0, ftLastAccessTime.dwHighDateTime=0x1d9a9dd, ftLastWriteTime.dwLowDateTime=0xd6c399f0, ftLastWriteTime.dwHighDateTime=0x1d9a9dd, nFileSizeHigh=0x0, nFileSizeLow=0x3cfa, dwReserved0=0x0, dwReserved1=0x0, cFileName="JxmR6v_b0d1c1TOkKn.jpg", cAlternateFileName="JXMR6V~1.JPG")) returned 1 [0212.745] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb22d3c0, ftCreationTime.dwHighDateTime=0x1d9a55b, ftLastAccessTime.dwLowDateTime=0x5e377040, ftLastAccessTime.dwHighDateTime=0x1d9a9d5, ftLastWriteTime.dwLowDateTime=0x5e377040, ftLastWriteTime.dwHighDateTime=0x1d9a9d5, nFileSizeHigh=0x0, nFileSizeLow=0x20bb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ScFVHzsefvu1Kt2J0.jpg", cAlternateFileName="SCFVHZ~1.JPG")) returned 1 [0212.745] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b66c6c0, ftCreationTime.dwHighDateTime=0x1d9b4db, ftLastAccessTime.dwLowDateTime=0xe6ef640, ftLastAccessTime.dwHighDateTime=0x1d9b4df, ftLastWriteTime.dwLowDateTime=0xe6ef640, ftLastWriteTime.dwHighDateTime=0x1d9b4df, nFileSizeHigh=0x0, nFileSizeLow=0x176c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WFsJxSQxtzsU8zvNclOo.gif", cAlternateFileName="WFSJXS~1.GIF")) returned 1 [0212.746] FindNextFileW (in: hFindFile=0x601720, lpFindFileData=0x1abce9f0 | out: lpFindFileData=0x1abce9f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.746] FindClose (in: hFindFile=0x601720 | out: hFindFile=0x601720) returned 1 [0212.746] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce918) returned 1 [0212.746] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb68) returned 1 [0212.746] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abceb88) returned 1 [0212.746] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI", nBufferLength=0x105, lpBuffer=0x1abce630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI", lpFilePart=0x0) returned 0x56 [0212.747] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\gMmQ7sMpVxP4WwXZrp\\mLpk6DQaJ9\\AI-BTkK-C\\J7Kz7aXvYKxh-WWyGI\\*" (normalized: "c:\\users\\oqxzraykm\\pictures\\gmmq7smpvxp4wwxzrp\\mlpk6dqaj9\\ai-btkk-c\\j7kz7axvykxh-wwygi\\*"), lpFindFileData=0x1abce930 | out: lpFindFileData=0x1abce930*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb5183f0, ftCreationTime.dwHighDateTime=0x1d9b0b0, ftLastAccessTime.dwLowDateTime=0xe27fdc41, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x45e92b0, ftLastWriteTime.dwHighDateTime=0x1d9b268, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600d00 [0212.747] FindNextFileW (in: hFindFile=0x600d00, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb5183f0, ftCreationTime.dwHighDateTime=0x1d9b0b0, ftLastAccessTime.dwLowDateTime=0xe27fdc41, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x45e92b0, ftLastWriteTime.dwHighDateTime=0x1d9b268, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.747] FindNextFileW (in: hFindFile=0x600d00, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c582090, ftCreationTime.dwHighDateTime=0x1d9a74b, ftLastAccessTime.dwLowDateTime=0xde011a40, ftLastAccessTime.dwHighDateTime=0x1d9ad0b, ftLastWriteTime.dwLowDateTime=0xde011a40, ftLastWriteTime.dwHighDateTime=0x1d9ad0b, nFileSizeHigh=0x0, nFileSizeLow=0x122c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="CNhSRq_988nVmcAoKs I.bmp", cAlternateFileName="CNHSRQ~1.BMP")) returned 1 [0212.748] FindNextFileW (in: hFindFile=0x600d00, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe7143dc0, ftCreationTime.dwHighDateTime=0x1d9adf0, ftLastAccessTime.dwLowDateTime=0xbf487150, ftLastAccessTime.dwHighDateTime=0x1d9b131, ftLastWriteTime.dwLowDateTime=0xbf487150, ftLastWriteTime.dwHighDateTime=0x1d9b131, nFileSizeHigh=0x0, nFileSizeLow=0x6be1, dwReserved0=0x0, dwReserved1=0x0, cFileName="goujVTDJ1s18.jpg", cAlternateFileName="GOUJVT~1.JPG")) returned 1 [0212.748] FindNextFileW (in: hFindFile=0x600d00, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce18f9d0, ftCreationTime.dwHighDateTime=0x1d9a988, ftLastAccessTime.dwLowDateTime=0xd6c399f0, ftLastAccessTime.dwHighDateTime=0x1d9a9dd, ftLastWriteTime.dwLowDateTime=0xd6c399f0, ftLastWriteTime.dwHighDateTime=0x1d9a9dd, nFileSizeHigh=0x0, nFileSizeLow=0x3cfa, dwReserved0=0x0, dwReserved1=0x0, cFileName="JxmR6v_b0d1c1TOkKn.jpg", cAlternateFileName="JXMR6V~1.JPG")) returned 1 [0212.748] FindNextFileW (in: hFindFile=0x600d00, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb22d3c0, ftCreationTime.dwHighDateTime=0x1d9a55b, ftLastAccessTime.dwLowDateTime=0x5e377040, ftLastAccessTime.dwHighDateTime=0x1d9a9d5, ftLastWriteTime.dwLowDateTime=0x5e377040, ftLastWriteTime.dwHighDateTime=0x1d9a9d5, nFileSizeHigh=0x0, nFileSizeLow=0x20bb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ScFVHzsefvu1Kt2J0.jpg", cAlternateFileName="SCFVHZ~1.JPG")) returned 1 [0212.748] FindNextFileW (in: hFindFile=0x600d00, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b66c6c0, ftCreationTime.dwHighDateTime=0x1d9b4db, ftLastAccessTime.dwLowDateTime=0xe6ef640, ftLastAccessTime.dwHighDateTime=0x1d9b4df, ftLastWriteTime.dwLowDateTime=0xe6ef640, ftLastWriteTime.dwHighDateTime=0x1d9b4df, nFileSizeHigh=0x0, nFileSizeLow=0x176c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WFsJxSQxtzsU8zvNclOo.gif", cAlternateFileName="WFSJXS~1.GIF")) returned 1 [0212.748] FindNextFileW (in: hFindFile=0x600d00, lpFindFileData=0x1abce960 | out: lpFindFileData=0x1abce960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b66c6c0, ftCreationTime.dwHighDateTime=0x1d9b4db, ftLastAccessTime.dwLowDateTime=0xe6ef640, ftLastAccessTime.dwHighDateTime=0x1d9b4df, ftLastWriteTime.dwLowDateTime=0xe6ef640, ftLastWriteTime.dwHighDateTime=0x1d9b4df, nFileSizeHigh=0x0, nFileSizeLow=0x176c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WFsJxSQxtzsU8zvNclOo.gif", cAlternateFileName="WFSJXS~1.GIF")) returned 0 [0212.748] FindClose (in: hFindFile=0x600d00 | out: hFindFile=0x600d00) returned 1 [0212.748] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abce888) returned 1 [0212.748] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceaa8) returned 1 [0212.748] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.749] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_", lpFilePart=0x0) returned 0x26 [0212.749] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\*.*" (normalized: "c:\\users\\oqxzraykm\\pictures\\rftl6bszg_\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe38b6580, ftCreationTime.dwHighDateTime=0x1d9b0ab, ftLastAccessTime.dwLowDateTime=0xd8141e6f, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x184da6b0, ftLastWriteTime.dwHighDateTime=0x1d9b15c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601a20 [0212.750] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe38b6580, ftCreationTime.dwHighDateTime=0x1d9b0ab, ftLastAccessTime.dwLowDateTime=0xd8141e6f, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x184da6b0, ftLastWriteTime.dwHighDateTime=0x1d9b15c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.750] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf114cd50, ftCreationTime.dwHighDateTime=0x1d9a9d9, ftLastAccessTime.dwLowDateTime=0x7abdc170, ftLastAccessTime.dwHighDateTime=0x1d9b087, ftLastWriteTime.dwLowDateTime=0x7abdc170, ftLastWriteTime.dwHighDateTime=0x1d9b087, nFileSizeHigh=0x0, nFileSizeLow=0xe43f, dwReserved0=0x0, dwReserved1=0x0, cFileName="bBT-MFL3sFb3zx-FPOy.gif", cAlternateFileName="BBT-MF~1.GIF")) returned 1 [0212.750] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x20f2a6d0, ftCreationTime.dwHighDateTime=0x1d9a653, ftLastAccessTime.dwLowDateTime=0xfdf1d3a0, ftLastAccessTime.dwHighDateTime=0x1d9b21d, ftLastWriteTime.dwLowDateTime=0xfdf1d3a0, ftLastWriteTime.dwHighDateTime=0x1d9b21d, nFileSizeHigh=0x0, nFileSizeLow=0x12e5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="e95MKF1cwUHr.bmp", cAlternateFileName="E95MKF~1.BMP")) returned 1 [0212.750] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfb018b0, ftCreationTime.dwHighDateTime=0x1d9b409, ftLastAccessTime.dwLowDateTime=0xbffab070, ftLastAccessTime.dwHighDateTime=0x1d9b449, ftLastWriteTime.dwLowDateTime=0xbffab070, ftLastWriteTime.dwHighDateTime=0x1d9b449, nFileSizeHigh=0x0, nFileSizeLow=0xa07a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kx8A.jpg", cAlternateFileName="")) returned 1 [0212.750] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd535a450, ftCreationTime.dwHighDateTime=0x1d9a566, ftLastAccessTime.dwLowDateTime=0x35269070, ftLastAccessTime.dwHighDateTime=0x1d9abf4, ftLastWriteTime.dwLowDateTime=0x35269070, ftLastWriteTime.dwHighDateTime=0x1d9abf4, nFileSizeHigh=0x0, nFileSizeLow=0x163c2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MOoazXE175u-tWOUa.gif", cAlternateFileName="MOOAZX~1.GIF")) returned 1 [0212.751] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe285d60, ftCreationTime.dwHighDateTime=0x1d9b38c, ftLastAccessTime.dwLowDateTime=0xd6e49eb0, ftLastAccessTime.dwHighDateTime=0x1d9b4ce, ftLastWriteTime.dwLowDateTime=0xd6e49eb0, ftLastWriteTime.dwHighDateTime=0x1d9b4ce, nFileSizeHigh=0x0, nFileSizeLow=0x1416a, dwReserved0=0x0, dwReserved1=0x0, cFileName="wdEc2kGh2EaP.jpg", cAlternateFileName="WDEC2K~1.JPG")) returned 1 [0212.751] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.751] FindClose (in: hFindFile=0x601a20 | out: hFindFile=0x601a20) returned 1 [0212.751] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0212.751] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0212.751] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.751] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_", lpFilePart=0x0) returned 0x26 [0212.752] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\rFTl6BSzg_\\*" (normalized: "c:\\users\\oqxzraykm\\pictures\\rftl6bszg_\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe38b6580, ftCreationTime.dwHighDateTime=0x1d9b0ab, ftLastAccessTime.dwLowDateTime=0xd8141e6f, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x184da6b0, ftLastWriteTime.dwHighDateTime=0x1d9b15c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.752] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe38b6580, ftCreationTime.dwHighDateTime=0x1d9b0ab, ftLastAccessTime.dwLowDateTime=0xd8141e6f, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x184da6b0, ftLastWriteTime.dwHighDateTime=0x1d9b15c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.752] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf114cd50, ftCreationTime.dwHighDateTime=0x1d9a9d9, ftLastAccessTime.dwLowDateTime=0x7abdc170, ftLastAccessTime.dwHighDateTime=0x1d9b087, ftLastWriteTime.dwLowDateTime=0x7abdc170, ftLastWriteTime.dwHighDateTime=0x1d9b087, nFileSizeHigh=0x0, nFileSizeLow=0xe43f, dwReserved0=0x0, dwReserved1=0x0, cFileName="bBT-MFL3sFb3zx-FPOy.gif", cAlternateFileName="BBT-MF~1.GIF")) returned 1 [0212.753] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x20f2a6d0, ftCreationTime.dwHighDateTime=0x1d9a653, ftLastAccessTime.dwLowDateTime=0xfdf1d3a0, ftLastAccessTime.dwHighDateTime=0x1d9b21d, ftLastWriteTime.dwLowDateTime=0xfdf1d3a0, ftLastWriteTime.dwHighDateTime=0x1d9b21d, nFileSizeHigh=0x0, nFileSizeLow=0x12e5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="e95MKF1cwUHr.bmp", cAlternateFileName="E95MKF~1.BMP")) returned 1 [0212.753] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfb018b0, ftCreationTime.dwHighDateTime=0x1d9b409, ftLastAccessTime.dwLowDateTime=0xbffab070, ftLastAccessTime.dwHighDateTime=0x1d9b449, ftLastWriteTime.dwLowDateTime=0xbffab070, ftLastWriteTime.dwHighDateTime=0x1d9b449, nFileSizeHigh=0x0, nFileSizeLow=0xa07a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kx8A.jpg", cAlternateFileName="")) returned 1 [0212.753] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd535a450, ftCreationTime.dwHighDateTime=0x1d9a566, ftLastAccessTime.dwLowDateTime=0x35269070, ftLastAccessTime.dwHighDateTime=0x1d9abf4, ftLastWriteTime.dwLowDateTime=0x35269070, ftLastWriteTime.dwHighDateTime=0x1d9abf4, nFileSizeHigh=0x0, nFileSizeLow=0x163c2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MOoazXE175u-tWOUa.gif", cAlternateFileName="MOOAZX~1.GIF")) returned 1 [0212.753] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe285d60, ftCreationTime.dwHighDateTime=0x1d9b38c, ftLastAccessTime.dwLowDateTime=0xd6e49eb0, ftLastAccessTime.dwHighDateTime=0x1d9b4ce, ftLastWriteTime.dwLowDateTime=0xd6e49eb0, ftLastWriteTime.dwHighDateTime=0x1d9b4ce, nFileSizeHigh=0x0, nFileSizeLow=0x1416a, dwReserved0=0x0, dwReserved1=0x0, cFileName="wdEc2kGh2EaP.jpg", cAlternateFileName="WDEC2K~1.JPG")) returned 1 [0212.753] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe285d60, ftCreationTime.dwHighDateTime=0x1d9b38c, ftLastAccessTime.dwLowDateTime=0xd6e49eb0, ftLastAccessTime.dwHighDateTime=0x1d9b4ce, ftLastWriteTime.dwLowDateTime=0xd6e49eb0, ftLastWriteTime.dwHighDateTime=0x1d9b4ce, nFileSizeHigh=0x0, nFileSizeLow=0x1416a, dwReserved0=0x0, dwReserved1=0x0, cFileName="wdEc2kGh2EaP.jpg", cAlternateFileName="WDEC2K~1.JPG")) returned 0 [0212.753] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0212.753] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0212.753] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0212.753] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.754] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\PrintHood", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\PrintHood", lpFilePart=0x0) returned 0x1c [0212.754] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\PrintHood\\*.*" (normalized: "c:\\users\\oqxzraykm\\printhood\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0212.754] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec58) returned 1 [0212.764] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.765] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Recent", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Recent", lpFilePart=0x0) returned 0x19 [0212.765] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Recent\\*.*" (normalized: "c:\\users\\oqxzraykm\\recent\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0212.766] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec58) returned 1 [0212.774] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.774] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Saved Games", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Saved Games", lpFilePart=0x0) returned 0x1e [0212.775] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Saved Games\\*.*" (normalized: "c:\\users\\oqxzraykm\\saved games\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x5213b46d, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x5213b46d, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6016c0 [0212.775] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x5213b46d, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x5213b46d, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.775] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x52115137, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x9976bb8f, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x5213b46d, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.777] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.777] FindClose (in: hFindFile=0x6016c0 | out: hFindFile=0x6016c0) returned 1 [0212.777] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.778] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.778] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Saved Games", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Saved Games", lpFilePart=0x0) returned 0x1e [0212.779] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Saved Games\\*" (normalized: "c:\\users\\oqxzraykm\\saved games\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x13357485, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x5213b46d, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6018a0 [0212.779] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x13357485, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x5213b46d, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.779] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x52115137, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x9976bb8f, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x5213b46d, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.779] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x52115137, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x9976bb8f, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x5213b46d, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0212.779] FindClose (in: hFindFile=0x6018a0 | out: hFindFile=0x6018a0) returned 1 [0212.779] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.779] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.780] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.780] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Searches", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Searches", lpFilePart=0x0) returned 0x1b [0212.781] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Searches\\*.*" (normalized: "c:\\users\\oqxzraykm\\searches\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51dcdf1c, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x54c1289d, ftLastAccessTime.dwHighDateTime=0x1d94218, ftLastWriteTime.dwLowDateTime=0x522b8c50, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601840 [0212.781] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51dcdf1c, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x54c1289d, ftLastAccessTime.dwHighDateTime=0x1d94218, ftLastWriteTime.dwLowDateTime=0x522b8c50, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.781] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x51dcdf1c, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x99745a30, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x522b8c50, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.784] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x522b8c50, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x522b8c50, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x522b8c50, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0212.786] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x521879f0, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x521879f0, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x521879f0, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0212.789] FindNextFileW (in: hFindFile=0x601840, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.789] FindClose (in: hFindFile=0x601840 | out: hFindFile=0x601840) returned 1 [0212.790] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.790] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.790] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.790] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Searches", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Searches", lpFilePart=0x0) returned 0x1b [0212.791] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Searches\\*" (normalized: "c:\\users\\oqxzraykm\\searches\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51dcdf1c, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x1337d4f9, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x522b8c50, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601a20 [0212.791] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51dcdf1c, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x1337d4f9, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x522b8c50, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.791] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x51dcdf1c, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x99745a30, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x522b8c50, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.791] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x522b8c50, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x522b8c50, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x522b8c50, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0212.792] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x521879f0, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x521879f0, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x521879f0, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0212.792] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x521879f0, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x521879f0, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x521879f0, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 0 [0212.792] FindClose (in: hFindFile=0x601a20 | out: hFindFile=0x601a20) returned 1 [0212.792] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.792] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.792] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.792] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\SendTo", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\SendTo", lpFilePart=0x0) returned 0x19 [0212.797] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\SendTo\\*.*" (normalized: "c:\\users\\oqxzraykm\\sendto\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0212.797] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec58) returned 1 [0212.801] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.801] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Start Menu", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Start Menu", lpFilePart=0x0) returned 0x1d [0212.801] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Start Menu\\*.*" (normalized: "c:\\users\\oqxzraykm\\start menu\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0212.802] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec58) returned 1 [0212.810] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.810] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Videos", lpFilePart=0x0) returned 0x19 [0212.811] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\*.*" (normalized: "c:\\users\\oqxzraykm\\videos\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd85155ec, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2b2662dc, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601180 [0212.811] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd85155ec, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2b2662dc, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.811] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xccab3970, ftCreationTime.dwHighDateTime=0x1d9adf0, ftLastAccessTime.dwLowDateTime=0xb3027fe0, ftLastAccessTime.dwHighDateTime=0x1d9b27a, ftLastWriteTime.dwLowDateTime=0xb3027fe0, ftLastWriteTime.dwHighDateTime=0x1d9b27a, nFileSizeHigh=0x0, nFileSizeLow=0xe1d3, dwReserved0=0x0, dwReserved1=0x0, cFileName="1ELGz1r3OZoMCzx6.avi", cAlternateFileName="1ELGZ1~1.AVI")) returned 1 [0212.814] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e171760, ftCreationTime.dwHighDateTime=0x1d9aeb3, ftLastAccessTime.dwLowDateTime=0x1ffd8e10, ftLastAccessTime.dwHighDateTime=0x1d9b2ac, ftLastWriteTime.dwLowDateTime=0x1ffd8e10, ftLastWriteTime.dwHighDateTime=0x1d9b2ac, nFileSizeHigh=0x0, nFileSizeLow=0x103b3, dwReserved0=0x0, dwReserved1=0x0, cFileName="5JBEpkUqPCrPrk.mkv", cAlternateFileName="5JBEPK~1.MKV")) returned 1 [0212.819] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb20aa930, ftCreationTime.dwHighDateTime=0x1d9add6, ftLastAccessTime.dwLowDateTime=0x9302c560, ftLastAccessTime.dwHighDateTime=0x1d9adf7, ftLastWriteTime.dwLowDateTime=0x9302c560, ftLastWriteTime.dwHighDateTime=0x1d9adf7, nFileSizeHigh=0x0, nFileSizeLow=0x130e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="7LCOCoIwfID_k.avi", cAlternateFileName="7LCOCO~1.AVI")) returned 1 [0212.826] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x591f0c30, ftCreationTime.dwHighDateTime=0x1d9b213, ftLastAccessTime.dwLowDateTime=0x1a7c6cf0, ftLastAccessTime.dwHighDateTime=0x1d9b422, ftLastWriteTime.dwLowDateTime=0x1a7c6cf0, ftLastWriteTime.dwHighDateTime=0x1d9b422, nFileSizeHigh=0x0, nFileSizeLow=0x4b77, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bs j.mp4", cAlternateFileName="BSJ~1.MP4")) returned 1 [0212.828] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa6a7f890, ftCreationTime.dwHighDateTime=0x1d9b1a0, ftLastAccessTime.dwLowDateTime=0xd85155ec, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xc1c00510, ftLastWriteTime.dwHighDateTime=0x1d9b2b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cUOFj", cAlternateFileName="")) returned 1 [0212.828] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x516ccffe, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd853b86b, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x51b6b958, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.829] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x611bdc0, ftCreationTime.dwHighDateTime=0x1d9a62f, ftLastAccessTime.dwLowDateTime=0x3dd06220, ftLastAccessTime.dwHighDateTime=0x1d9ae4a, ftLastWriteTime.dwLowDateTime=0x3dd06220, ftLastWriteTime.dwHighDateTime=0x1d9ae4a, nFileSizeHigh=0x0, nFileSizeLow=0x5a7a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ew2jRsg_.avi", cAlternateFileName="")) returned 1 [0212.830] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc6666c00, ftCreationTime.dwHighDateTime=0x1d9a888, ftLastAccessTime.dwLowDateTime=0x11d03990, ftLastAccessTime.dwHighDateTime=0x1d9ad53, ftLastWriteTime.dwLowDateTime=0x11d03990, ftLastWriteTime.dwHighDateTime=0x1d9ad53, nFileSizeHigh=0x0, nFileSizeLow=0x102c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="hIUicmYfr BOKO-G7dUP.flv", cAlternateFileName="HIUICM~1.FLV")) returned 1 [0212.831] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59549db0, ftCreationTime.dwHighDateTime=0x1d9ab19, ftLastAccessTime.dwLowDateTime=0xae8df290, ftLastAccessTime.dwHighDateTime=0x1d9ac36, ftLastWriteTime.dwLowDateTime=0xae8df290, ftLastWriteTime.dwHighDateTime=0x1d9ac36, nFileSizeHigh=0x0, nFileSizeLow=0x10140, dwReserved0=0x0, dwReserved1=0x0, cFileName="kRqaIM6c40cE.swf", cAlternateFileName="KRQAIM~1.SWF")) returned 1 [0212.831] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2cc58fb0, ftCreationTime.dwHighDateTime=0x1d9a7be, ftLastAccessTime.dwLowDateTime=0x22f4c070, ftLastAccessTime.dwHighDateTime=0x1d9aefb, ftLastWriteTime.dwLowDateTime=0x22f4c070, ftLastWriteTime.dwHighDateTime=0x1d9aefb, nFileSizeHigh=0x0, nFileSizeLow=0x150fa, dwReserved0=0x0, dwReserved1=0x0, cFileName="k_YRLOOp2qWd.avi", cAlternateFileName="K_YRLO~1.AVI")) returned 1 [0212.831] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdda56ed0, ftCreationTime.dwHighDateTime=0x1d9a8af, ftLastAccessTime.dwLowDateTime=0x8e287c90, ftLastAccessTime.dwHighDateTime=0x1d9ac41, ftLastWriteTime.dwLowDateTime=0x8e287c90, ftLastWriteTime.dwHighDateTime=0x1d9ac41, nFileSizeHigh=0x0, nFileSizeLow=0x135b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="oGnP UReG2.flv", cAlternateFileName="OGNPUR~1.FLV")) returned 1 [0212.831] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x543cb4c0, ftCreationTime.dwHighDateTime=0x1d9a533, ftLastAccessTime.dwLowDateTime=0x1cc8a8a0, ftLastAccessTime.dwHighDateTime=0x1d9afc9, ftLastWriteTime.dwLowDateTime=0x1cc8a8a0, ftLastWriteTime.dwHighDateTime=0x1d9afc9, nFileSizeHigh=0x0, nFileSizeLow=0x1654d, dwReserved0=0x0, dwReserved1=0x0, cFileName="OZnVnx_1R0ky9orJ-.avi", cAlternateFileName="OZNVNX~1.AVI")) returned 1 [0212.831] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf3325e80, ftCreationTime.dwHighDateTime=0x1d9ac3c, ftLastAccessTime.dwLowDateTime=0x34e86fb0, ftLastAccessTime.dwHighDateTime=0x1d9b27b, ftLastWriteTime.dwLowDateTime=0x34e86fb0, ftLastWriteTime.dwHighDateTime=0x1d9b27b, nFileSizeHigh=0x0, nFileSizeLow=0x39e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="TxNm.swf", cAlternateFileName="")) returned 1 [0212.832] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf8ad4d00, ftCreationTime.dwHighDateTime=0x1d9b238, ftLastAccessTime.dwLowDateTime=0x9b3e2f00, ftLastAccessTime.dwHighDateTime=0x1d9b499, ftLastWriteTime.dwLowDateTime=0x9b3e2f00, ftLastWriteTime.dwHighDateTime=0x1d9b499, nFileSizeHigh=0x0, nFileSizeLow=0x3cc9, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZzS4.flv", cAlternateFileName="")) returned 1 [0212.832] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.832] FindClose (in: hFindFile=0x601180 | out: hFindFile=0x601180) returned 1 [0212.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.832] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.832] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Videos", lpFilePart=0x0) returned 0x19 [0212.833] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\*" (normalized: "c:\\users\\oqxzraykm\\videos\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd85155ec, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2b2662dc, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601180 [0212.833] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd85155ec, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x2b2662dc, ftLastWriteTime.dwHighDateTime=0x1d9b560, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.833] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xccab3970, ftCreationTime.dwHighDateTime=0x1d9adf0, ftLastAccessTime.dwLowDateTime=0xb3027fe0, ftLastAccessTime.dwHighDateTime=0x1d9b27a, ftLastWriteTime.dwLowDateTime=0xb3027fe0, ftLastWriteTime.dwHighDateTime=0x1d9b27a, nFileSizeHigh=0x0, nFileSizeLow=0xe1d3, dwReserved0=0x0, dwReserved1=0x0, cFileName="1ELGz1r3OZoMCzx6.avi", cAlternateFileName="1ELGZ1~1.AVI")) returned 1 [0212.833] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e171760, ftCreationTime.dwHighDateTime=0x1d9aeb3, ftLastAccessTime.dwLowDateTime=0x1ffd8e10, ftLastAccessTime.dwHighDateTime=0x1d9b2ac, ftLastWriteTime.dwLowDateTime=0x1ffd8e10, ftLastWriteTime.dwHighDateTime=0x1d9b2ac, nFileSizeHigh=0x0, nFileSizeLow=0x103b3, dwReserved0=0x0, dwReserved1=0x0, cFileName="5JBEpkUqPCrPrk.mkv", cAlternateFileName="5JBEPK~1.MKV")) returned 1 [0212.833] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb20aa930, ftCreationTime.dwHighDateTime=0x1d9add6, ftLastAccessTime.dwLowDateTime=0x9302c560, ftLastAccessTime.dwHighDateTime=0x1d9adf7, ftLastWriteTime.dwLowDateTime=0x9302c560, ftLastWriteTime.dwHighDateTime=0x1d9adf7, nFileSizeHigh=0x0, nFileSizeLow=0x130e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="7LCOCoIwfID_k.avi", cAlternateFileName="7LCOCO~1.AVI")) returned 1 [0212.834] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x591f0c30, ftCreationTime.dwHighDateTime=0x1d9b213, ftLastAccessTime.dwLowDateTime=0x1a7c6cf0, ftLastAccessTime.dwHighDateTime=0x1d9b422, ftLastWriteTime.dwLowDateTime=0x1a7c6cf0, ftLastWriteTime.dwHighDateTime=0x1d9b422, nFileSizeHigh=0x0, nFileSizeLow=0x4b77, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bs j.mp4", cAlternateFileName="BSJ~1.MP4")) returned 1 [0212.834] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa6a7f890, ftCreationTime.dwHighDateTime=0x1d9b1a0, ftLastAccessTime.dwLowDateTime=0xd85155ec, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xc1c00510, ftLastWriteTime.dwHighDateTime=0x1d9b2b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cUOFj", cAlternateFileName="")) returned 1 [0212.834] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x516ccffe, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0xd853b86b, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x51b6b958, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.834] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x611bdc0, ftCreationTime.dwHighDateTime=0x1d9a62f, ftLastAccessTime.dwLowDateTime=0x3dd06220, ftLastAccessTime.dwHighDateTime=0x1d9ae4a, ftLastWriteTime.dwLowDateTime=0x3dd06220, ftLastWriteTime.dwHighDateTime=0x1d9ae4a, nFileSizeHigh=0x0, nFileSizeLow=0x5a7a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ew2jRsg_.avi", cAlternateFileName="")) returned 1 [0212.834] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc6666c00, ftCreationTime.dwHighDateTime=0x1d9a888, ftLastAccessTime.dwLowDateTime=0x11d03990, ftLastAccessTime.dwHighDateTime=0x1d9ad53, ftLastWriteTime.dwLowDateTime=0x11d03990, ftLastWriteTime.dwHighDateTime=0x1d9ad53, nFileSizeHigh=0x0, nFileSizeLow=0x102c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="hIUicmYfr BOKO-G7dUP.flv", cAlternateFileName="HIUICM~1.FLV")) returned 1 [0212.834] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59549db0, ftCreationTime.dwHighDateTime=0x1d9ab19, ftLastAccessTime.dwLowDateTime=0xae8df290, ftLastAccessTime.dwHighDateTime=0x1d9ac36, ftLastWriteTime.dwLowDateTime=0xae8df290, ftLastWriteTime.dwHighDateTime=0x1d9ac36, nFileSizeHigh=0x0, nFileSizeLow=0x10140, dwReserved0=0x0, dwReserved1=0x0, cFileName="kRqaIM6c40cE.swf", cAlternateFileName="KRQAIM~1.SWF")) returned 1 [0212.834] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2cc58fb0, ftCreationTime.dwHighDateTime=0x1d9a7be, ftLastAccessTime.dwLowDateTime=0x22f4c070, ftLastAccessTime.dwHighDateTime=0x1d9aefb, ftLastWriteTime.dwLowDateTime=0x22f4c070, ftLastWriteTime.dwHighDateTime=0x1d9aefb, nFileSizeHigh=0x0, nFileSizeLow=0x150fa, dwReserved0=0x0, dwReserved1=0x0, cFileName="k_YRLOOp2qWd.avi", cAlternateFileName="K_YRLO~1.AVI")) returned 1 [0212.834] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdda56ed0, ftCreationTime.dwHighDateTime=0x1d9a8af, ftLastAccessTime.dwLowDateTime=0x8e287c90, ftLastAccessTime.dwHighDateTime=0x1d9ac41, ftLastWriteTime.dwLowDateTime=0x8e287c90, ftLastWriteTime.dwHighDateTime=0x1d9ac41, nFileSizeHigh=0x0, nFileSizeLow=0x135b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="oGnP UReG2.flv", cAlternateFileName="OGNPUR~1.FLV")) returned 1 [0212.834] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x543cb4c0, ftCreationTime.dwHighDateTime=0x1d9a533, ftLastAccessTime.dwLowDateTime=0x1cc8a8a0, ftLastAccessTime.dwHighDateTime=0x1d9afc9, ftLastWriteTime.dwLowDateTime=0x1cc8a8a0, ftLastWriteTime.dwHighDateTime=0x1d9afc9, nFileSizeHigh=0x0, nFileSizeLow=0x1654d, dwReserved0=0x0, dwReserved1=0x0, cFileName="OZnVnx_1R0ky9orJ-.avi", cAlternateFileName="OZNVNX~1.AVI")) returned 1 [0212.835] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf3325e80, ftCreationTime.dwHighDateTime=0x1d9ac3c, ftLastAccessTime.dwLowDateTime=0x34e86fb0, ftLastAccessTime.dwHighDateTime=0x1d9b27b, ftLastWriteTime.dwLowDateTime=0x34e86fb0, ftLastWriteTime.dwHighDateTime=0x1d9b27b, nFileSizeHigh=0x0, nFileSizeLow=0x39e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="TxNm.swf", cAlternateFileName="")) returned 1 [0212.835] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf8ad4d00, ftCreationTime.dwHighDateTime=0x1d9b238, ftLastAccessTime.dwLowDateTime=0x9b3e2f00, ftLastAccessTime.dwHighDateTime=0x1d9b499, ftLastWriteTime.dwLowDateTime=0x9b3e2f00, ftLastWriteTime.dwHighDateTime=0x1d9b499, nFileSizeHigh=0x0, nFileSizeLow=0x3cc9, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZzS4.flv", cAlternateFileName="")) returned 1 [0212.835] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf8ad4d00, ftCreationTime.dwHighDateTime=0x1d9b238, ftLastAccessTime.dwLowDateTime=0x9b3e2f00, ftLastAccessTime.dwHighDateTime=0x1d9b499, ftLastWriteTime.dwLowDateTime=0x9b3e2f00, ftLastWriteTime.dwHighDateTime=0x1d9b499, nFileSizeHigh=0x0, nFileSizeLow=0x3cc9, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZzS4.flv", cAlternateFileName="")) returned 0 [0212.835] FindClose (in: hFindFile=0x601180 | out: hFindFile=0x601180) returned 1 [0212.836] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.836] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.836] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.836] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Videos\\cUOFj", lpFilePart=0x0) returned 0x1f [0212.836] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\*.*" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa6a7f890, ftCreationTime.dwHighDateTime=0x1d9b1a0, ftLastAccessTime.dwLowDateTime=0xd85155ec, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xc1c00510, ftLastWriteTime.dwHighDateTime=0x1d9b2b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6016c0 [0212.837] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa6a7f890, ftCreationTime.dwHighDateTime=0x1d9b1a0, ftLastAccessTime.dwLowDateTime=0xd85155ec, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xc1c00510, ftLastWriteTime.dwHighDateTime=0x1d9b2b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.837] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0f6de20, ftCreationTime.dwHighDateTime=0x1d9a67c, ftLastAccessTime.dwLowDateTime=0xee2f9b00, ftLastAccessTime.dwHighDateTime=0x1d9b169, ftLastWriteTime.dwLowDateTime=0xee2f9b00, ftLastWriteTime.dwHighDateTime=0x1d9b169, nFileSizeHigh=0x0, nFileSizeLow=0x100d, dwReserved0=0x0, dwReserved1=0x0, cFileName="0nKOlFL3.avi", cAlternateFileName="")) returned 1 [0212.837] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8a2cb80, ftCreationTime.dwHighDateTime=0x1d9a500, ftLastAccessTime.dwLowDateTime=0x7eedf650, ftLastAccessTime.dwHighDateTime=0x1d9ad55, ftLastWriteTime.dwLowDateTime=0x7eedf650, ftLastWriteTime.dwHighDateTime=0x1d9ad55, nFileSizeHigh=0x0, nFileSizeLow=0x1796e, dwReserved0=0x0, dwReserved1=0x0, cFileName="4E0eJCdX8qGv6l.swf", cAlternateFileName="4E0EJC~1.SWF")) returned 1 [0212.837] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2efd8c90, ftCreationTime.dwHighDateTime=0x1d9b52b, ftLastAccessTime.dwLowDateTime=0x3057e640, ftLastAccessTime.dwHighDateTime=0x1d9b548, ftLastWriteTime.dwLowDateTime=0x3057e640, ftLastWriteTime.dwHighDateTime=0x1d9b548, nFileSizeHigh=0x0, nFileSizeLow=0x9ddb, dwReserved0=0x0, dwReserved1=0x0, cFileName="5qW-bg-R-xNgSvMXRga.swf", cAlternateFileName="5QW-BG~1.SWF")) returned 1 [0212.837] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb7e2d30, ftCreationTime.dwHighDateTime=0x1d9b21f, ftLastAccessTime.dwLowDateTime=0xa5d755c0, ftLastAccessTime.dwHighDateTime=0x1d9b44b, ftLastWriteTime.dwLowDateTime=0xa5d755c0, ftLastWriteTime.dwHighDateTime=0x1d9b44b, nFileSizeHigh=0x0, nFileSizeLow=0x896d, dwReserved0=0x0, dwReserved1=0x0, cFileName="agiF0Mgb_RU5JL-puA.mp4", cAlternateFileName="AGIF0M~1.MP4")) returned 1 [0212.837] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54d4c820, ftCreationTime.dwHighDateTime=0x1d9a77a, ftLastAccessTime.dwLowDateTime=0x9e8a5200, ftLastAccessTime.dwHighDateTime=0x1d9a9ff, ftLastWriteTime.dwLowDateTime=0x9e8a5200, ftLastWriteTime.dwHighDateTime=0x1d9a9ff, nFileSizeHigh=0x0, nFileSizeLow=0xa210, dwReserved0=0x0, dwReserved1=0x0, cFileName="bvgx7p.mp4", cAlternateFileName="")) returned 1 [0212.838] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1ef6600, ftCreationTime.dwHighDateTime=0x1d9ab4b, ftLastAccessTime.dwLowDateTime=0xa9748610, ftLastAccessTime.dwHighDateTime=0x1d9acbe, ftLastWriteTime.dwLowDateTime=0xa9748610, ftLastWriteTime.dwHighDateTime=0x1d9acbe, nFileSizeHigh=0x0, nFileSizeLow=0x7649, dwReserved0=0x0, dwReserved1=0x0, cFileName="fXxMWm d8JJEy8Xtw7j.mkv", cAlternateFileName="FXXMWM~1.MKV")) returned 1 [0212.840] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e1e7590, ftCreationTime.dwHighDateTime=0x1d9a7a8, ftLastAccessTime.dwLowDateTime=0x3ca44830, ftLastAccessTime.dwHighDateTime=0x1d9addc, ftLastWriteTime.dwLowDateTime=0x3ca44830, ftLastWriteTime.dwHighDateTime=0x1d9addc, nFileSizeHigh=0x0, nFileSizeLow=0x80cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="IGswwfaj7bocMgDD8h.mp4", cAlternateFileName="IGSWWF~1.MP4")) returned 1 [0212.840] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2b22d10, ftCreationTime.dwHighDateTime=0x1d9b091, ftLastAccessTime.dwLowDateTime=0x7d6c0b20, ftLastAccessTime.dwHighDateTime=0x1d9b190, ftLastWriteTime.dwLowDateTime=0x7d6c0b20, ftLastWriteTime.dwHighDateTime=0x1d9b190, nFileSizeHigh=0x0, nFileSizeLow=0x16361, dwReserved0=0x0, dwReserved1=0x0, cFileName="Jfz.flv", cAlternateFileName="")) returned 1 [0212.840] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x614bd5f0, ftCreationTime.dwHighDateTime=0x1d9af98, ftLastAccessTime.dwLowDateTime=0xddc8ea00, ftLastAccessTime.dwHighDateTime=0x1d9b2ef, ftLastWriteTime.dwLowDateTime=0xddc8ea00, ftLastWriteTime.dwHighDateTime=0x1d9b2ef, nFileSizeHigh=0x0, nFileSizeLow=0x4e53, dwReserved0=0x0, dwReserved1=0x0, cFileName="K5ffhBZ_oKW08-.avi", cAlternateFileName="K5FFHB~1.AVI")) returned 1 [0212.841] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x71731020, ftCreationTime.dwHighDateTime=0x1d9a934, ftLastAccessTime.dwLowDateTime=0x480655a0, ftLastAccessTime.dwHighDateTime=0x1d9a99b, ftLastWriteTime.dwLowDateTime=0x480655a0, ftLastWriteTime.dwHighDateTime=0x1d9a99b, nFileSizeHigh=0x0, nFileSizeLow=0xe7d5, dwReserved0=0x0, dwReserved1=0x0, cFileName="kw_J4Vonl x.flv", cAlternateFileName="KW_J4V~1.FLV")) returned 1 [0212.841] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5b2fc0, ftCreationTime.dwHighDateTime=0x1d9a84c, ftLastAccessTime.dwLowDateTime=0x269ddf00, ftLastAccessTime.dwHighDateTime=0x1d9aebe, ftLastWriteTime.dwLowDateTime=0x269ddf00, ftLastWriteTime.dwHighDateTime=0x1d9aebe, nFileSizeHigh=0x0, nFileSizeLow=0x6a17, dwReserved0=0x0, dwReserved1=0x0, cFileName="nB AQx7sl6TsWS3Uq0.mp4", cAlternateFileName="NBAQX7~1.MP4")) returned 1 [0212.841] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5980cd00, ftCreationTime.dwHighDateTime=0x1d9a988, ftLastAccessTime.dwLowDateTime=0xf464a400, ftLastAccessTime.dwHighDateTime=0x1d9b00d, ftLastWriteTime.dwLowDateTime=0xf464a400, ftLastWriteTime.dwHighDateTime=0x1d9b00d, nFileSizeHigh=0x0, nFileSizeLow=0x1357a, dwReserved0=0x0, dwReserved1=0x0, cFileName="PwooGXZQuiXQ3.avi", cAlternateFileName="PWOOGX~1.AVI")) returned 1 [0212.841] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde2b5020, ftCreationTime.dwHighDateTime=0x1d9a93d, ftLastAccessTime.dwLowDateTime=0x6f0bc9a0, ftLastAccessTime.dwHighDateTime=0x1d9ad51, ftLastWriteTime.dwLowDateTime=0x6f0bc9a0, ftLastWriteTime.dwHighDateTime=0x1d9ad51, nFileSizeHigh=0x0, nFileSizeLow=0xf899, dwReserved0=0x0, dwReserved1=0x0, cFileName="srqzB.flv", cAlternateFileName="")) returned 1 [0212.841] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c693940, ftCreationTime.dwHighDateTime=0x1d9aae2, ftLastAccessTime.dwLowDateTime=0xf4ebea70, ftLastAccessTime.dwHighDateTime=0x1d9b0d3, ftLastWriteTime.dwLowDateTime=0xf4ebea70, ftLastWriteTime.dwHighDateTime=0x1d9b0d3, nFileSizeHigh=0x0, nFileSizeLow=0x15ea4, dwReserved0=0x0, dwReserved1=0x0, cFileName="t24Q2Z.mp4", cAlternateFileName="")) returned 1 [0212.841] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x64f220d0, ftCreationTime.dwHighDateTime=0x1d9b239, ftLastAccessTime.dwLowDateTime=0xc801b050, ftLastAccessTime.dwHighDateTime=0x1d9b35b, ftLastWriteTime.dwLowDateTime=0xc801b050, ftLastWriteTime.dwHighDateTime=0x1d9b35b, nFileSizeHigh=0x0, nFileSizeLow=0xa11, dwReserved0=0x0, dwReserved1=0x0, cFileName="TbVuZEgqlJviltx.mp4", cAlternateFileName="TBVUZE~1.MP4")) returned 1 [0212.841] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e010270, ftCreationTime.dwHighDateTime=0x1d9a7a9, ftLastAccessTime.dwLowDateTime=0x12568910, ftLastAccessTime.dwHighDateTime=0x1d9ae2e, ftLastWriteTime.dwLowDateTime=0x12568910, ftLastWriteTime.dwHighDateTime=0x1d9ae2e, nFileSizeHigh=0x0, nFileSizeLow=0x1794e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wj9zjrVu.mp4", cAlternateFileName="")) returned 1 [0212.841] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1d8d970, ftCreationTime.dwHighDateTime=0x1d9b17c, ftLastAccessTime.dwLowDateTime=0xecbf6150, ftLastAccessTime.dwHighDateTime=0x1d9b2aa, ftLastWriteTime.dwLowDateTime=0xecbf6150, ftLastWriteTime.dwHighDateTime=0x1d9b2aa, nFileSizeHigh=0x0, nFileSizeLow=0x107c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Xr4V9WaT5ttMZmeN.flv", cAlternateFileName="XR4V9W~1.FLV")) returned 1 [0212.842] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d1b9d50, ftCreationTime.dwHighDateTime=0x1d9a8ba, ftLastAccessTime.dwLowDateTime=0x11130420, ftLastAccessTime.dwHighDateTime=0x1d9b171, ftLastWriteTime.dwLowDateTime=0x11130420, ftLastWriteTime.dwHighDateTime=0x1d9b171, nFileSizeHigh=0x0, nFileSizeLow=0x14299, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZRXGsN4Yw6b0TwCVAl.flv", cAlternateFileName="ZRXGSN~1.FLV")) returned 1 [0212.842] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abcecf0 | out: lpFindFileData=0x1abcecf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.842] FindClose (in: hFindFile=0x6016c0 | out: hFindFile=0x6016c0) returned 1 [0212.842] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec18) returned 1 [0212.842] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee68) returned 1 [0212.842] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.842] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Videos\\cUOFj", lpFilePart=0x0) returned 0x1f [0212.843] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\Videos\\cUOFj\\*" (normalized: "c:\\users\\oqxzraykm\\videos\\cuofj\\*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa6a7f890, ftCreationTime.dwHighDateTime=0x1d9b1a0, ftLastAccessTime.dwLowDateTime=0xd85155ec, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xc1c00510, ftLastWriteTime.dwHighDateTime=0x1d9b2b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600c40 [0212.844] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa6a7f890, ftCreationTime.dwHighDateTime=0x1d9b1a0, ftLastAccessTime.dwLowDateTime=0xd85155ec, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0xc1c00510, ftLastWriteTime.dwHighDateTime=0x1d9b2b2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.844] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0f6de20, ftCreationTime.dwHighDateTime=0x1d9a67c, ftLastAccessTime.dwLowDateTime=0xee2f9b00, ftLastAccessTime.dwHighDateTime=0x1d9b169, ftLastWriteTime.dwLowDateTime=0xee2f9b00, ftLastWriteTime.dwHighDateTime=0x1d9b169, nFileSizeHigh=0x0, nFileSizeLow=0x100d, dwReserved0=0x0, dwReserved1=0x0, cFileName="0nKOlFL3.avi", cAlternateFileName="")) returned 1 [0212.844] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8a2cb80, ftCreationTime.dwHighDateTime=0x1d9a500, ftLastAccessTime.dwLowDateTime=0x7eedf650, ftLastAccessTime.dwHighDateTime=0x1d9ad55, ftLastWriteTime.dwLowDateTime=0x7eedf650, ftLastWriteTime.dwHighDateTime=0x1d9ad55, nFileSizeHigh=0x0, nFileSizeLow=0x1796e, dwReserved0=0x0, dwReserved1=0x0, cFileName="4E0eJCdX8qGv6l.swf", cAlternateFileName="4E0EJC~1.SWF")) returned 1 [0212.844] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2efd8c90, ftCreationTime.dwHighDateTime=0x1d9b52b, ftLastAccessTime.dwLowDateTime=0x3057e640, ftLastAccessTime.dwHighDateTime=0x1d9b548, ftLastWriteTime.dwLowDateTime=0x3057e640, ftLastWriteTime.dwHighDateTime=0x1d9b548, nFileSizeHigh=0x0, nFileSizeLow=0x9ddb, dwReserved0=0x0, dwReserved1=0x0, cFileName="5qW-bg-R-xNgSvMXRga.swf", cAlternateFileName="5QW-BG~1.SWF")) returned 1 [0212.844] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb7e2d30, ftCreationTime.dwHighDateTime=0x1d9b21f, ftLastAccessTime.dwLowDateTime=0xa5d755c0, ftLastAccessTime.dwHighDateTime=0x1d9b44b, ftLastWriteTime.dwLowDateTime=0xa5d755c0, ftLastWriteTime.dwHighDateTime=0x1d9b44b, nFileSizeHigh=0x0, nFileSizeLow=0x896d, dwReserved0=0x0, dwReserved1=0x0, cFileName="agiF0Mgb_RU5JL-puA.mp4", cAlternateFileName="AGIF0M~1.MP4")) returned 1 [0212.844] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54d4c820, ftCreationTime.dwHighDateTime=0x1d9a77a, ftLastAccessTime.dwLowDateTime=0x9e8a5200, ftLastAccessTime.dwHighDateTime=0x1d9a9ff, ftLastWriteTime.dwLowDateTime=0x9e8a5200, ftLastWriteTime.dwHighDateTime=0x1d9a9ff, nFileSizeHigh=0x0, nFileSizeLow=0xa210, dwReserved0=0x0, dwReserved1=0x0, cFileName="bvgx7p.mp4", cAlternateFileName="")) returned 1 [0212.844] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1ef6600, ftCreationTime.dwHighDateTime=0x1d9ab4b, ftLastAccessTime.dwLowDateTime=0xa9748610, ftLastAccessTime.dwHighDateTime=0x1d9acbe, ftLastWriteTime.dwLowDateTime=0xa9748610, ftLastWriteTime.dwHighDateTime=0x1d9acbe, nFileSizeHigh=0x0, nFileSizeLow=0x7649, dwReserved0=0x0, dwReserved1=0x0, cFileName="fXxMWm d8JJEy8Xtw7j.mkv", cAlternateFileName="FXXMWM~1.MKV")) returned 1 [0212.844] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e1e7590, ftCreationTime.dwHighDateTime=0x1d9a7a8, ftLastAccessTime.dwLowDateTime=0x3ca44830, ftLastAccessTime.dwHighDateTime=0x1d9addc, ftLastWriteTime.dwLowDateTime=0x3ca44830, ftLastWriteTime.dwHighDateTime=0x1d9addc, nFileSizeHigh=0x0, nFileSizeLow=0x80cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="IGswwfaj7bocMgDD8h.mp4", cAlternateFileName="IGSWWF~1.MP4")) returned 1 [0212.844] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2b22d10, ftCreationTime.dwHighDateTime=0x1d9b091, ftLastAccessTime.dwLowDateTime=0x7d6c0b20, ftLastAccessTime.dwHighDateTime=0x1d9b190, ftLastWriteTime.dwLowDateTime=0x7d6c0b20, ftLastWriteTime.dwHighDateTime=0x1d9b190, nFileSizeHigh=0x0, nFileSizeLow=0x16361, dwReserved0=0x0, dwReserved1=0x0, cFileName="Jfz.flv", cAlternateFileName="")) returned 1 [0212.845] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x614bd5f0, ftCreationTime.dwHighDateTime=0x1d9af98, ftLastAccessTime.dwLowDateTime=0xddc8ea00, ftLastAccessTime.dwHighDateTime=0x1d9b2ef, ftLastWriteTime.dwLowDateTime=0xddc8ea00, ftLastWriteTime.dwHighDateTime=0x1d9b2ef, nFileSizeHigh=0x0, nFileSizeLow=0x4e53, dwReserved0=0x0, dwReserved1=0x0, cFileName="K5ffhBZ_oKW08-.avi", cAlternateFileName="K5FFHB~1.AVI")) returned 1 [0212.845] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x71731020, ftCreationTime.dwHighDateTime=0x1d9a934, ftLastAccessTime.dwLowDateTime=0x480655a0, ftLastAccessTime.dwHighDateTime=0x1d9a99b, ftLastWriteTime.dwLowDateTime=0x480655a0, ftLastWriteTime.dwHighDateTime=0x1d9a99b, nFileSizeHigh=0x0, nFileSizeLow=0xe7d5, dwReserved0=0x0, dwReserved1=0x0, cFileName="kw_J4Vonl x.flv", cAlternateFileName="KW_J4V~1.FLV")) returned 1 [0212.845] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5b2fc0, ftCreationTime.dwHighDateTime=0x1d9a84c, ftLastAccessTime.dwLowDateTime=0x269ddf00, ftLastAccessTime.dwHighDateTime=0x1d9aebe, ftLastWriteTime.dwLowDateTime=0x269ddf00, ftLastWriteTime.dwHighDateTime=0x1d9aebe, nFileSizeHigh=0x0, nFileSizeLow=0x6a17, dwReserved0=0x0, dwReserved1=0x0, cFileName="nB AQx7sl6TsWS3Uq0.mp4", cAlternateFileName="NBAQX7~1.MP4")) returned 1 [0212.845] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5980cd00, ftCreationTime.dwHighDateTime=0x1d9a988, ftLastAccessTime.dwLowDateTime=0xf464a400, ftLastAccessTime.dwHighDateTime=0x1d9b00d, ftLastWriteTime.dwLowDateTime=0xf464a400, ftLastWriteTime.dwHighDateTime=0x1d9b00d, nFileSizeHigh=0x0, nFileSizeLow=0x1357a, dwReserved0=0x0, dwReserved1=0x0, cFileName="PwooGXZQuiXQ3.avi", cAlternateFileName="PWOOGX~1.AVI")) returned 1 [0212.845] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde2b5020, ftCreationTime.dwHighDateTime=0x1d9a93d, ftLastAccessTime.dwLowDateTime=0x6f0bc9a0, ftLastAccessTime.dwHighDateTime=0x1d9ad51, ftLastWriteTime.dwLowDateTime=0x6f0bc9a0, ftLastWriteTime.dwHighDateTime=0x1d9ad51, nFileSizeHigh=0x0, nFileSizeLow=0xf899, dwReserved0=0x0, dwReserved1=0x0, cFileName="srqzB.flv", cAlternateFileName="")) returned 1 [0212.845] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c693940, ftCreationTime.dwHighDateTime=0x1d9aae2, ftLastAccessTime.dwLowDateTime=0xf4ebea70, ftLastAccessTime.dwHighDateTime=0x1d9b0d3, ftLastWriteTime.dwLowDateTime=0xf4ebea70, ftLastWriteTime.dwHighDateTime=0x1d9b0d3, nFileSizeHigh=0x0, nFileSizeLow=0x15ea4, dwReserved0=0x0, dwReserved1=0x0, cFileName="t24Q2Z.mp4", cAlternateFileName="")) returned 1 [0212.845] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x64f220d0, ftCreationTime.dwHighDateTime=0x1d9b239, ftLastAccessTime.dwLowDateTime=0xc801b050, ftLastAccessTime.dwHighDateTime=0x1d9b35b, ftLastWriteTime.dwLowDateTime=0xc801b050, ftLastWriteTime.dwHighDateTime=0x1d9b35b, nFileSizeHigh=0x0, nFileSizeLow=0xa11, dwReserved0=0x0, dwReserved1=0x0, cFileName="TbVuZEgqlJviltx.mp4", cAlternateFileName="TBVUZE~1.MP4")) returned 1 [0212.845] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e010270, ftCreationTime.dwHighDateTime=0x1d9a7a9, ftLastAccessTime.dwLowDateTime=0x12568910, ftLastAccessTime.dwHighDateTime=0x1d9ae2e, ftLastWriteTime.dwLowDateTime=0x12568910, ftLastWriteTime.dwHighDateTime=0x1d9ae2e, nFileSizeHigh=0x0, nFileSizeLow=0x1794e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wj9zjrVu.mp4", cAlternateFileName="")) returned 1 [0212.845] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1d8d970, ftCreationTime.dwHighDateTime=0x1d9b17c, ftLastAccessTime.dwLowDateTime=0xecbf6150, ftLastAccessTime.dwHighDateTime=0x1d9b2aa, ftLastWriteTime.dwLowDateTime=0xecbf6150, ftLastWriteTime.dwHighDateTime=0x1d9b2aa, nFileSizeHigh=0x0, nFileSizeLow=0x107c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Xr4V9WaT5ttMZmeN.flv", cAlternateFileName="XR4V9W~1.FLV")) returned 1 [0212.845] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d1b9d50, ftCreationTime.dwHighDateTime=0x1d9a8ba, ftLastAccessTime.dwLowDateTime=0x11130420, ftLastAccessTime.dwHighDateTime=0x1d9b171, ftLastWriteTime.dwLowDateTime=0x11130420, ftLastWriteTime.dwHighDateTime=0x1d9b171, nFileSizeHigh=0x0, nFileSizeLow=0x14299, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZRXGsN4Yw6b0TwCVAl.flv", cAlternateFileName="ZRXGSN~1.FLV")) returned 1 [0212.845] FindNextFileW (in: hFindFile=0x600c40, lpFindFileData=0x1abcec60 | out: lpFindFileData=0x1abcec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d1b9d50, ftCreationTime.dwHighDateTime=0x1d9a8ba, ftLastAccessTime.dwLowDateTime=0x11130420, ftLastAccessTime.dwHighDateTime=0x1d9b171, ftLastWriteTime.dwLowDateTime=0x11130420, ftLastWriteTime.dwHighDateTime=0x1d9b171, nFileSizeHigh=0x0, nFileSizeLow=0x14299, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZRXGsN4Yw6b0TwCVAl.flv", cAlternateFileName="ZRXGSN~1.FLV")) returned 0 [0212.845] FindClose (in: hFindFile=0x600c40 | out: hFindFile=0x600c40) returned 1 [0212.846] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb88) returned 1 [0212.846] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceda8) returned 1 [0212.846] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0212.846] GetFullPathNameW (in: lpFileName="C:\\Users\\Public", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public", lpFilePart=0x0) returned 0xf [0212.847] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\*.*" (normalized: "c:\\users\\public\\*.*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xd69f12d9, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x51b6b958, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.847] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xd69f12d9, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x51b6b958, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.847] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x51b6b958, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x51b6b958, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x51b6b958, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccountPictures", cAlternateFileName="ACCOUN~1")) returned 1 [0212.847] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x8f2eb8ba, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x93eebf83, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0212.847] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc9b733fd, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xd69f12d9, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x7b3ae47a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.847] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x51bde0ec, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x811eb399, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="")) returned 1 [0212.847] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc9b997bc, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc9b997bc, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="")) returned 1 [0212.847] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xb96059c, ftLastAccessTime.dwHighDateTime=0x1d5ace1, ftLastWriteTime.dwLowDateTime=0xb96059c, ftLastWriteTime.dwHighDateTime=0x1d5ace1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Libraries", cAlternateFileName="")) returned 1 [0212.848] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x51fe3fad, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc9b997bc, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0212.848] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x51e1a3cc, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc9b997bc, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0212.848] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x516f3163, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc9b997bc, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0212.848] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abceef0 | out: lpFindFileData=0x1abceef0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x516f3163, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc9b997bc, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 0 [0212.848] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0212.848] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcee18) returned 1 [0212.848] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcf068) returned 1 [0212.848] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcf088) returned 1 [0212.848] GetFullPathNameW (in: lpFileName="C:\\Users\\Public", nBufferLength=0x105, lpBuffer=0x1abceb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public", lpFilePart=0x0) returned 0xf [0212.849] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\*" (normalized: "c:\\users\\public\\*"), lpFindFileData=0x1abcee30 | out: lpFindFileData=0x1abcee30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xd69f12d9, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x51b6b958, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601a20 [0212.849] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xd69f12d9, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x51b6b958, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.849] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x51b6b958, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x51b6b958, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x51b6b958, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccountPictures", cAlternateFileName="ACCOUN~1")) returned 1 [0212.849] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x8f2eb8ba, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x93eebf83, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0212.850] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc9b733fd, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xd69f12d9, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x7b3ae47a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.850] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x51bde0ec, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x811eb399, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="")) returned 1 [0212.850] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc9b997bc, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc9b997bc, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="")) returned 1 [0212.850] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xb96059c, ftLastAccessTime.dwHighDateTime=0x1d5ace1, ftLastWriteTime.dwLowDateTime=0xb96059c, ftLastWriteTime.dwHighDateTime=0x1d5ace1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Libraries", cAlternateFileName="")) returned 1 [0212.850] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x51fe3fad, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc9b997bc, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0212.850] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x51e1a3cc, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc9b997bc, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0212.850] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x516f3163, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc9b997bc, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0212.850] FindNextFileW (in: hFindFile=0x601a20, lpFindFileData=0x1abcee60 | out: lpFindFileData=0x1abcee60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.851] FindClose (in: hFindFile=0x601a20 | out: hFindFile=0x601a20) returned 1 [0212.851] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced88) returned 1 [0212.851] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcefa8) returned 1 [0212.851] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.851] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\AccountPictures", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\AccountPictures", lpFilePart=0x0) returned 0x1f [0212.852] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\AccountPictures\\*.*" (normalized: "c:\\users\\public\\accountpictures\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x51b6b958, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x51b6b958, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x51b6b958, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601180 [0212.852] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x51b6b958, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x51b6b958, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x51b6b958, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.852] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x51b6b958, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x51b6b958, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x51b6b958, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0xc4, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.852] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.853] FindClose (in: hFindFile=0x601180 | out: hFindFile=0x601180) returned 1 [0212.853] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.853] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.853] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.853] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\AccountPictures", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\AccountPictures", lpFilePart=0x0) returned 0x1f [0212.857] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\AccountPictures\\*" (normalized: "c:\\users\\public\\accountpictures\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x51b6b958, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x133f865a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x51b6b958, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6016c0 [0212.857] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x51b6b958, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x133f865a, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x51b6b958, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.857] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x51b6b958, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x51b6b958, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x51b6b958, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0xc4, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.857] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x51b6b958, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x51b6b958, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x51b6b958, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0xc4, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0212.858] FindClose (in: hFindFile=0x6016c0 | out: hFindFile=0x6016c0) returned 1 [0212.858] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.858] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.858] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.858] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop", lpFilePart=0x0) returned 0x17 [0212.858] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Desktop\\*.*" (normalized: "c:\\users\\public\\desktop\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x8f2eb8ba, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x93eebf83, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6018a0 [0212.859] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x8f2eb8ba, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x93eebf83, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.859] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a0a9afe, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x8f2eb8ba, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x2a0cfd7b, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x852, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acrobat Reader.lnk", cAlternateFileName="ACROBA~1.LNK")) returned 1 [0212.859] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc9b733fd, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xd69f12d9, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x7b3ae47a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.859] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93ec5f1e, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x8f2eb8ba, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x93eebf83, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x3e7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Firefox.lnk", cAlternateFileName="")) returned 1 [0212.860] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79800a3a, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x8f2eb8ba, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x7984c264, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x8d9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Edge.lnk", cAlternateFileName="MICROS~1.LNK")) returned 1 [0212.860] FindNextFileW (in: hFindFile=0x6018a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.860] FindClose (in: hFindFile=0x6018a0 | out: hFindFile=0x6018a0) returned 1 [0212.860] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.860] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.860] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.860] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop", lpFilePart=0x0) returned 0x17 [0212.861] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Desktop\\*" (normalized: "c:\\users\\public\\desktop\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x1341e6ef, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x93eebf83, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601420 [0212.861] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x1341e6ef, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x93eebf83, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.861] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a0a9afe, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x8f2eb8ba, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x2a0cfd7b, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x852, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acrobat Reader.lnk", cAlternateFileName="ACROBA~1.LNK")) returned 1 [0212.861] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc9b733fd, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xd69f12d9, ftLastAccessTime.dwHighDateTime=0x1da1c11, ftLastWriteTime.dwLowDateTime=0x7b3ae47a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.861] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93ec5f1e, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x8f2eb8ba, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x93eebf83, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x3e7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Firefox.lnk", cAlternateFileName="")) returned 1 [0212.861] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79800a3a, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x8f2eb8ba, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x7984c264, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x8d9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Edge.lnk", cAlternateFileName="MICROS~1.LNK")) returned 1 [0212.861] FindNextFileW (in: hFindFile=0x601420, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79800a3a, ftCreationTime.dwHighDateTime=0x1d94216, ftLastAccessTime.dwLowDateTime=0x8f2eb8ba, ftLastAccessTime.dwHighDateTime=0x1d9b55c, ftLastWriteTime.dwLowDateTime=0x7984c264, ftLastWriteTime.dwHighDateTime=0x1d94216, nFileSizeHigh=0x0, nFileSizeLow=0x8d9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Edge.lnk", cAlternateFileName="MICROS~1.LNK")) returned 0 [0212.862] FindClose (in: hFindFile=0x601420 | out: hFindFile=0x601420) returned 1 [0212.862] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.862] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.862] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.862] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Documents", lpFilePart=0x0) returned 0x19 [0212.863] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\*.*" (normalized: "c:\\users\\public\\documents\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x51bde0ec, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x811eb399, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601000 [0212.870] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x51bde0ec, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0x811eb399, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.870] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc9b733fd, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x2b408db4, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x7b3ae47a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.871] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x811c5204, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x811c5204, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x811c5204, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0212.871] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x811c5204, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x811c5204, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x811c5204, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0212.871] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x811c5204, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x811c5204, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x811c5204, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0212.871] FindNextFileW (in: hFindFile=0x601000, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x811c5204, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x811c5204, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x811c5204, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 0 [0212.871] FindClose (in: hFindFile=0x601000 | out: hFindFile=0x601000) returned 1 [0212.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.872] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.872] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Documents", lpFilePart=0x0) returned 0x19 [0212.874] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\*" (normalized: "c:\\users\\public\\documents\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x13444b7d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x811eb399, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6017e0 [0212.875] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x13444b7d, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0x811eb399, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.875] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc9b733fd, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x2b408db4, ftLastAccessTime.dwHighDateTime=0x1d94216, ftLastWriteTime.dwLowDateTime=0x7b3ae47a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.875] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x811c5204, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x811c5204, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x811c5204, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0212.875] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x811c5204, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x811c5204, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x811c5204, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0212.875] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x811c5204, ftCreationTime.dwHighDateTime=0x1d94210, ftLastAccessTime.dwLowDateTime=0x811c5204, ftLastAccessTime.dwHighDateTime=0x1d94210, ftLastWriteTime.dwLowDateTime=0x811c5204, ftLastWriteTime.dwHighDateTime=0x1d94210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0212.875] FindNextFileW (in: hFindFile=0x6017e0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.876] FindClose (in: hFindFile=0x6017e0 | out: hFindFile=0x6017e0) returned 1 [0212.877] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.877] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.877] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.877] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents\\My Music", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Documents\\My Music", lpFilePart=0x0) returned 0x22 [0212.877] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Music\\*.*" (normalized: "c:\\users\\public\\documents\\my music\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0212.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb58) returned 1 [0212.883] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.883] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents\\My Pictures", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Documents\\My Pictures", lpFilePart=0x0) returned 0x25 [0212.884] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Pictures\\*.*" (normalized: "c:\\users\\public\\documents\\my pictures\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0212.887] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb58) returned 1 [0212.892] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcee88) returned 1 [0212.892] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents\\My Videos", nBufferLength=0x105, lpBuffer=0x1abce930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Documents\\My Videos", lpFilePart=0x0) returned 0x23 [0212.893] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Videos\\*.*" (normalized: "c:\\users\\public\\documents\\my videos\\*.*"), lpFindFileData=0x1abcec30 | out: lpFindFileData=0x1abcec30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0212.896] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceb58) returned 1 [0212.901] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.901] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Downloads", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Downloads", lpFilePart=0x0) returned 0x19 [0212.902] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Downloads\\*.*" (normalized: "c:\\users\\public\\downloads\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc9b997bc, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc9b997bc, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0212.902] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xc9b997bc, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0xc9b997bc, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.902] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc9b997bc, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x7b3ae47a, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0x7b3ae47a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.904] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.904] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0212.904] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.904] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.904] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.904] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Downloads", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Downloads", lpFilePart=0x0) returned 0x19 [0212.905] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Downloads\\*" (normalized: "c:\\users\\public\\downloads\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x13490f46, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc9b997bc, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6010c0 [0212.905] FindNextFileW (in: hFindFile=0x6010c0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x13490f46, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc9b997bc, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.905] FindNextFileW (in: hFindFile=0x6010c0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc9b997bc, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x7b3ae47a, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0x7b3ae47a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.905] FindNextFileW (in: hFindFile=0x6010c0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc9b997bc, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x7b3ae47a, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0x7b3ae47a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0212.905] FindClose (in: hFindFile=0x6010c0 | out: hFindFile=0x6010c0) returned 1 [0212.905] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.905] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.905] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.905] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries", lpFilePart=0x0) returned 0x19 [0212.906] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Libraries\\*.*" (normalized: "c:\\users\\public\\libraries\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xb96059c, ftLastAccessTime.dwHighDateTime=0x1d5ace1, ftLastWriteTime.dwLowDateTime=0xb96059c, ftLastWriteTime.dwHighDateTime=0x1d5ace1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601180 [0212.906] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0xb96059c, ftLastAccessTime.dwHighDateTime=0x1d5ace1, ftLastWriteTime.dwLowDateTime=0xb96059c, ftLastWriteTime.dwHighDateTime=0x1d5ace1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.906] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc9b997bc, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x7b3ae47a, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0x7b3ae47a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xaf, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.908] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9b997bc, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x7b3ae47a, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0x7b3ae47a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x3e7, dwReserved0=0x0, dwReserved1=0x0, cFileName="RecordedTV.library-ms", cAlternateFileName="")) returned 1 [0212.909] FindNextFileW (in: hFindFile=0x601180, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.909] FindClose (in: hFindFile=0x601180 | out: hFindFile=0x601180) returned 1 [0212.909] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.909] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.909] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.910] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries", lpFilePart=0x0) returned 0x19 [0212.910] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Libraries\\*" (normalized: "c:\\users\\public\\libraries\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x13490f46, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xb96059c, ftLastWriteTime.dwHighDateTime=0x1d5ace1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.910] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x13490f46, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xb96059c, ftLastWriteTime.dwHighDateTime=0x1d5ace1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.910] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc9b997bc, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x7b3ae47a, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0x7b3ae47a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0xaf, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.910] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9b997bc, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x7b3ae47a, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0x7b3ae47a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x3e7, dwReserved0=0x0, dwReserved1=0x0, cFileName="RecordedTV.library-ms", cAlternateFileName="")) returned 1 [0212.911] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9b997bc, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x7b3ae47a, ftLastAccessTime.dwHighDateTime=0x1d5acde, ftLastWriteTime.dwLowDateTime=0x7b3ae47a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x3e7, dwReserved0=0x0, dwReserved1=0x0, cFileName="RecordedTV.library-ms", cAlternateFileName="")) returned 0 [0212.911] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0212.911] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.911] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.911] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.911] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music", lpFilePart=0x0) returned 0x15 [0212.911] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Music\\*.*" (normalized: "c:\\users\\public\\music\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x51fe3fad, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc9b997bc, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600fa0 [0212.912] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x51fe3fad, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc9b997bc, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.912] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc9b997bc, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x50ca98bc, ftLastAccessTime.dwHighDateTime=0x1d94218, ftLastWriteTime.dwLowDateTime=0x7b3ae47a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.913] FindNextFileW (in: hFindFile=0x600fa0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.913] FindClose (in: hFindFile=0x600fa0 | out: hFindFile=0x600fa0) returned 1 [0212.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.913] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.913] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music", lpFilePart=0x0) returned 0x15 [0212.914] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Music\\*" (normalized: "c:\\users\\public\\music\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x13490f46, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc9b997bc, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6016c0 [0212.914] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x13490f46, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc9b997bc, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.914] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc9b997bc, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x50ca98bc, ftLastAccessTime.dwHighDateTime=0x1d94218, ftLastWriteTime.dwLowDateTime=0x7b3ae47a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.914] FindNextFileW (in: hFindFile=0x6016c0, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc9b997bc, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x50ca98bc, ftLastAccessTime.dwHighDateTime=0x1d94218, ftLastWriteTime.dwLowDateTime=0x7b3ae47a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0212.914] FindClose (in: hFindFile=0x6016c0 | out: hFindFile=0x6016c0) returned 1 [0212.915] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.915] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.915] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.915] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures", lpFilePart=0x0) returned 0x18 [0212.915] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\*.*" (normalized: "c:\\users\\public\\pictures\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x51e1a3cc, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc9b997bc, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6015a0 [0212.931] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x51e1a3cc, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc9b997bc, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.932] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc9b997bc, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x50ca98bc, ftLastAccessTime.dwHighDateTime=0x1d94218, ftLastWriteTime.dwLowDateTime=0x7b3ae47a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.933] FindNextFileW (in: hFindFile=0x6015a0, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.933] FindClose (in: hFindFile=0x6015a0 | out: hFindFile=0x6015a0) returned 1 [0212.934] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.934] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.934] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.934] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures", lpFilePart=0x0) returned 0x18 [0212.935] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\*" (normalized: "c:\\users\\public\\pictures\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x134dd6a4, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc9b997bc, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601a80 [0212.935] FindNextFileW (in: hFindFile=0x601a80, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x134dd6a4, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc9b997bc, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.935] FindNextFileW (in: hFindFile=0x601a80, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc9b997bc, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x50ca98bc, ftLastAccessTime.dwHighDateTime=0x1d94218, ftLastWriteTime.dwLowDateTime=0x7b3ae47a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.936] FindNextFileW (in: hFindFile=0x601a80, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc9b997bc, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x50ca98bc, ftLastAccessTime.dwHighDateTime=0x1d94218, ftLastWriteTime.dwLowDateTime=0x7b3ae47a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0212.936] FindClose (in: hFindFile=0x601a80 | out: hFindFile=0x601a80) returned 1 [0212.936] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.936] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.936] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.936] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos", lpFilePart=0x0) returned 0x16 [0212.937] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Videos\\*.*" (normalized: "c:\\users\\public\\videos\\*.*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x516f3163, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc9b997bc, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x600d60 [0212.937] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x516f3163, ftLastAccessTime.dwHighDateTime=0x1d94219, ftLastWriteTime.dwLowDateTime=0xc9b997bc, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.937] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc9b997bc, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x50ca98bc, ftLastAccessTime.dwHighDateTime=0x1d94218, ftLastWriteTime.dwLowDateTime=0x7b3ae47a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.938] FindNextFileW (in: hFindFile=0x600d60, lpFindFileData=0x1abcedf0 | out: lpFindFileData=0x1abcedf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.938] FindClose (in: hFindFile=0x600d60 | out: hFindFile=0x600d60) returned 1 [0212.939] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abced18) returned 1 [0212.939] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcef68) returned 1 [0212.939] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1abcef88) returned 1 [0212.939] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos", nBufferLength=0x105, lpBuffer=0x1abcea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos", lpFilePart=0x0) returned 0x16 [0212.940] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Videos\\*" (normalized: "c:\\users\\public\\videos\\*"), lpFindFileData=0x1abced30 | out: lpFindFileData=0x1abced30*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x134dd6a4, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc9b997bc, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x601540 [0212.940] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc86967d2, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x134dd6a4, ftLastAccessTime.dwHighDateTime=0x1da1c12, ftLastWriteTime.dwLowDateTime=0xc9b997bc, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.940] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc9b997bc, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x50ca98bc, ftLastAccessTime.dwHighDateTime=0x1d94218, ftLastWriteTime.dwLowDateTime=0x7b3ae47a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0212.940] FindNextFileW (in: hFindFile=0x601540, lpFindFileData=0x1abced60 | out: lpFindFileData=0x1abced60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc9b997bc, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x50ca98bc, ftLastAccessTime.dwHighDateTime=0x1d94218, ftLastWriteTime.dwLowDateTime=0x7b3ae47a, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0212.940] FindClose (in: hFindFile=0x601540 | out: hFindFile=0x601540) returned 1 [0212.940] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abcec88) returned 1 [0212.940] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1abceea8) returned 1 [0212.942] CoUninitialize () Thread: id = 7 os_tid = 0x1740 Thread: id = 8 os_tid = 0x10a0 Thread: id = 9 os_tid = 0x210 Thread: id = 10 os_tid = 0xd9c [0242.834] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0242.834] RoInitialize () returned 0x1 [0242.834] RoUninitialize () returned 0x0 [0242.842] SetConsoleCtrlHandler (HandlerRoutine=0x1ad6097c, Add=1) returned 1 [0242.843] GetModuleHandleW (lpModuleName=0x0) returned 0x10000 [0242.844] GetModuleHandleW (lpModuleName=0x0) returned 0x10000 [0242.848] GetClassInfoW (in: hInstance=0x10000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWndClass=0x2168b80 | out: lpWndClass=0x2168b80) returned 0 [0242.852] CoTaskMemAlloc (cb=0x58) returned 0x62c860 [0242.852] RegisterClassW (lpWndClass=0x1cc6f1a0) returned 0xc1e5 [0242.853] CoTaskMemFree (pv=0x62c860) [0242.856] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x10000, lpParam=0x0) returned 0xb0378 [0242.863] NtdllDefWindowProc_W () returned 0x1 [0242.881] NtdllDefWindowProc_W () returned 0x0 [0242.881] NtdllDefWindowProc_W () returned 0x0 [0242.882] NtdllDefWindowProc_W () returned 0x0 [0242.882] NtdllDefWindowProc_W () returned 0x0 [0242.898] SetEvent (hEvent=0x3e4) returned 1 [0242.899] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0243.109] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0243.472] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0243.734] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0243.899] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0244.079] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0244.431] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0244.868] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0245.118] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0245.447] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0245.790] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0246.023] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0246.161] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0246.325] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0246.515] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0246.771] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0246.989] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0247.205] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0247.401] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0247.531] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0247.767] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0248.016] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0248.165] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0248.289] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0248.603] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0248.727] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0248.852] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0249.032] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0249.164] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0249.367] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0249.532] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0249.680] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0249.823] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0250.018] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0250.167] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0250.473] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0250.627] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0250.920] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0251.052] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0252.053] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0252.206] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0252.335] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0252.545] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0252.659] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0252.961] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0253.588] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0254.129] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0254.321] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0254.614] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0254.830] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0254.989] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0255.145] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0255.335] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0255.759] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0255.902] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0256.054] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0256.579] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0256.741] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0256.932] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0257.056] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0257.348] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0258.486] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0258.833] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0259.095] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0259.319] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0259.531] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0259.699] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0259.866] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0260.020] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0260.239] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0261.262] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0261.385] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0261.511] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0261.636] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0261.761] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0261.886] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0262.018] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0262.152] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0262.276] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0262.401] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0262.558] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0262.729] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0262.870] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0263.054] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0263.230] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0263.370] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0263.511] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0263.660] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0263.777] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0263.901] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0264.027] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0264.151] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0264.277] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0264.401] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0264.526] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0264.651] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0264.776] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0264.948] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0265.074] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0265.198] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0265.324] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0265.448] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0265.589] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0265.729] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0265.854] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0265.998] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0266.134] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0266.258] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0266.385] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0266.508] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0266.633] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0266.775] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0266.898] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0267.028] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0267.227] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0267.352] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0267.477] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0267.607] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0268.697] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0269.951] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0270.366] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0270.748] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0270.930] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0271.056] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0271.180] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0271.305] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0271.447] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0271.571] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0271.711] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0271.836] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0271.978] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0272.149] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0272.381] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0272.492] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0272.637] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0272.758] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0272.914] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0273.039] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0273.165] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0273.461] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0273.617] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0273.742] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0273.868] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0274.008] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0274.133] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0274.358] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0274.508] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0274.634] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0274.773] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0274.898] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0275.024] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0275.168] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0275.308] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0275.540] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0275.732] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0275.945] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0276.178] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0276.832] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0276.999] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0277.119] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0277.242] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0277.450] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0277.678] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0277.804] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0277.978] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.105] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.227] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.359] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.492] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.617] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.744] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.868] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.992] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0279.153] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0279.290] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0279.702] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0279.947] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0280.074] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0280.215] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0280.412] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0280.548] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0280.695] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0280.851] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0281.014] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0281.133] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0281.415] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0281.668] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0281.816] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0281.946] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0282.154] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0282.382] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0282.649] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0282.773] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0283.009] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0283.206] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0283.320] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0283.514] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0283.712] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0283.939] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0284.086] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0284.319] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0284.602] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0284.844] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0285.133] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0285.313] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0285.517] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0285.871] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0286.059] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0286.212] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0286.351] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0286.592] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0286.845] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0287.011] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0287.150] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0287.274] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0287.623] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0287.791] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0287.925] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0288.055] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0288.179] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0288.440] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0288.619] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0289.056] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0289.379] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0289.536] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0289.716] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0289.926] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0290.099] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0290.253] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0290.369] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0290.508] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0290.633] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0290.758] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0290.924] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0291.070] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0291.195] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0291.320] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0291.674] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0292.353] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0292.666] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0292.795] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0292.946] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0293.073] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0293.195] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0293.321] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0293.445] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0293.680] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0293.807] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0293.962] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0294.086] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0294.215] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0294.336] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0294.491] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0294.989] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0295.149] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0295.276] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0295.398] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0295.525] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0295.742] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0295.929] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0296.079] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0296.217] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0296.336] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0296.461] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0296.744] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0296.868] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0297.002] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0297.117] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0297.258] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0297.383] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0297.550] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0297.942] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0298.056] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0298.180] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0298.305] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0298.477] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0298.789] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0298.914] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0299.039] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0299.164] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0299.290] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0299.423] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0299.566] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0299.842] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0300.093] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0300.265] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0300.464] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0300.614] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0301.590] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0301.957] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0302.118] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0302.275] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0302.497] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0302.938] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0303.083] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0303.211] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0303.336] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0303.578] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0303.863] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0304.097] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0304.274] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0304.398] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0304.528] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0304.805] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0305.040] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0305.175] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0305.290] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0305.445] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0305.570] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0306.037] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0306.164] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0306.308] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0306.430] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0306.555] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0306.927] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0307.241] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0307.352] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0307.497] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0307.617] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0307.805] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0307.958] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0308.070] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0308.206] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0308.339] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0308.516] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0308.775] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0308.899] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0309.024] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0309.148] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0309.274] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0309.399] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0309.547] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0309.664] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0309.867] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0309.992] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0310.321] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0310.452] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0310.601] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0310.865] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0311.068] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0311.212] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0311.337] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0311.559] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0311.680] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0311.895] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0312.009] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0312.136] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0312.312] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0312.430] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0312.575] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0312.711] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0312.836] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0312.961] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0313.311] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0313.978] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0314.117] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0314.242] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0314.367] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0314.616] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0315.189] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0315.433] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0315.554] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0315.681] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0315.835] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0315.969] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0316.158] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0316.332] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0316.459] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0316.585] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0316.734] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0316.912] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0317.031] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0317.148] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0317.276] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0317.398] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0317.570] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0317.695] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0317.882] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0318.036] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0318.164] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0318.289] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0318.413] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0318.573] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0318.698] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0318.851] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0318.992] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0319.122] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0319.242] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0319.384] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0319.507] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0319.659] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0319.858] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0319.976] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0320.101] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0320.229] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0320.367] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0320.492] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0320.617] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0320.742] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0320.883] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0321.039] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0321.164] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0321.308] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0321.430] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0321.617] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0321.742] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0321.882] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) Thread: id = 11 os_tid = 0x1004 [0249.747] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0249.754] RoInitialize () returned 0x1 [0249.754] RoUninitialize () returned 0x0 [0249.796] ShellExecuteExW (in: pExecInfo=0x21e54d0*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="https://primearea.biz/product/235093/", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x21e54d0*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="https://primearea.biz/product/235093/", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0257.087] CoGetContextToken (in: pToken=0x1e20fa30 | out: pToken=0x1e20fa30) returned 0x0 [0257.128] CoUninitialize () Thread: id = 12 os_tid = 0x6bc Thread: id = 13 os_tid = 0x109c Thread: id = 23 os_tid = 0x10f0 Thread: id = 30 os_tid = 0x17a0 Thread: id = 31 os_tid = 0x1558 Process: id = "2" image_name = "sihost.exe" filename = "c:\\windows\\system32\\sihost.exe" page_root = "0xbc10000" os_pid = "0x888" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x144" cmd_line = "sihost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "PXTHFFRYO7\\OqXZRaykm" bitness = "32" os_groups = "PXTHFFRYO7\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0001cfa9" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 669 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 670 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 671 start_va = 0x30000 end_va = 0x4cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 672 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 673 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 674 start_va = 0xe0000 end_va = 0xe1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 675 start_va = 0xf0000 end_va = 0x1b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 676 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 677 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 678 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 679 start_va = 0x1f0000 end_va = 0x1f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 680 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 681 start_va = 0x400000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 682 start_va = 0x480000 end_va = 0x487fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 683 start_va = 0x490000 end_va = 0x490fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 684 start_va = 0x4a0000 end_va = 0x4a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004a0000" filename = "" Region: id = 685 start_va = 0x4b0000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 686 start_va = 0x530000 end_va = 0x530fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 687 start_va = 0x540000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 688 start_va = 0x640000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 689 start_va = 0x740000 end_va = 0x740fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 690 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 691 start_va = 0x7b0000 end_va = 0x9affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007b0000" filename = "" Region: id = 692 start_va = 0x9b0000 end_va = 0xb30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009b0000" filename = "" Region: id = 693 start_va = 0xb40000 end_va = 0x1f40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b40000" filename = "" Region: id = 694 start_va = 0x1f50000 end_va = 0x2287fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 695 start_va = 0x2290000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002290000" filename = "" Region: id = 696 start_va = 0x2410000 end_va = 0x248ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002410000" filename = "" Region: id = 697 start_va = 0x2590000 end_va = 0x260ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002590000" filename = "" Region: id = 698 start_va = 0x2620000 end_va = 0x262ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002620000" filename = "" Region: id = 699 start_va = 0x2630000 end_va = 0x26affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002630000" filename = "" Region: id = 700 start_va = 0x26b0000 end_va = 0x2eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026b0000" filename = "" Region: id = 701 start_va = 0x2eb0000 end_va = 0x2faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002eb0000" filename = "" Region: id = 702 start_va = 0x3030000 end_va = 0x312ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003030000" filename = "" Region: id = 703 start_va = 0x3130000 end_va = 0x31affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003130000" filename = "" Region: id = 704 start_va = 0x32b0000 end_va = 0x32f6fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000032b0000" filename = "" Region: id = 705 start_va = 0x3300000 end_va = 0x343efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 706 start_va = 0x3440000 end_va = 0x353ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003440000" filename = "" Region: id = 707 start_va = 0x3540000 end_va = 0x35bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003540000" filename = "" Region: id = 708 start_va = 0x7ffe0000 end_va = 0x7ffe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 709 start_va = 0x7ff4fde90000 end_va = 0x7ff4fdf8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff4fde90000" filename = "" Region: id = 710 start_va = 0x7ff4fdf90000 end_va = 0x7ff5fdfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff4fdf90000" filename = "" Region: id = 711 start_va = 0x7ff5fdfb0000 end_va = 0x7ff5fffb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff5fdfb0000" filename = "" Region: id = 712 start_va = 0x7ff5fffc0000 end_va = 0x7ff5fffc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffc0000" filename = "" Region: id = 713 start_va = 0x7ff5fffd0000 end_va = 0x7ff5ffff2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffd0000" filename = "" Region: id = 714 start_va = 0x7ff6e9ff0000 end_va = 0x7ff6ea010fff monitored = 0 entry_point = 0x7ff6e9ff5d50 region_type = mapped_file name = "sihost.exe" filename = "\\Windows\\System32\\sihost.exe" (normalized: "c:\\windows\\system32\\sihost.exe") Region: id = 715 start_va = 0x7ffa911b0000 end_va = 0x7ffa914dbfff monitored = 0 entry_point = 0x7ffa912a11e0 region_type = mapped_file name = "tquery.dll" filename = "\\Windows\\System32\\tquery.dll" (normalized: "c:\\windows\\system32\\tquery.dll") Region: id = 716 start_va = 0x7ffa914e0000 end_va = 0x7ffa917bcfff monitored = 0 entry_point = 0x7ffa915a5670 region_type = mapped_file name = "mssrch.dll" filename = "\\Windows\\System32\\mssrch.dll" (normalized: "c:\\windows\\system32\\mssrch.dll") Region: id = 717 start_va = 0x7ffa917c0000 end_va = 0x7ffa91806fff monitored = 0 entry_point = 0x7ffa917edc00 region_type = mapped_file name = "container.dll" filename = "\\Windows\\System32\\container.dll" (normalized: "c:\\windows\\system32\\container.dll") Region: id = 718 start_va = 0x7ffa918f0000 end_va = 0x7ffa91989fff monitored = 0 entry_point = 0x7ffa918f60e0 region_type = mapped_file name = "uiamanager.dll" filename = "\\Windows\\System32\\UiaManager.dll" (normalized: "c:\\windows\\system32\\uiamanager.dll") Region: id = 719 start_va = 0x7ffa91990000 end_va = 0x7ffa91a34fff monitored = 0 entry_point = 0x7ffa919967f0 region_type = mapped_file name = "twinui.appcore.dll" filename = "\\Windows\\System32\\twinui.appcore.dll" (normalized: "c:\\windows\\system32\\twinui.appcore.dll") Region: id = 720 start_va = 0x7ffa91a40000 end_va = 0x7ffa91a54fff monitored = 0 entry_point = 0x7ffa91a49e10 region_type = mapped_file name = "packagestatechangehandler.dll" filename = "\\Windows\\System32\\PackageStateChangeHandler.dll" (normalized: "c:\\windows\\system32\\packagestatechangehandler.dll") Region: id = 721 start_va = 0x7ffa91a60000 end_va = 0x7ffa91b1bfff monitored = 0 entry_point = 0x7ffa91add430 region_type = mapped_file name = "windows.system.launcher.dll" filename = "\\Windows\\System32\\Windows.System.Launcher.dll" (normalized: "c:\\windows\\system32\\windows.system.launcher.dll") Region: id = 722 start_va = 0x7ffa91b20000 end_va = 0x7ffa91c33fff monitored = 0 entry_point = 0x7ffa91b27b20 region_type = mapped_file name = "sharehost.dll" filename = "\\Windows\\System32\\ShareHost.dll" (normalized: "c:\\windows\\system32\\sharehost.dll") Region: id = 723 start_va = 0x7ffa91c40000 end_va = 0x7ffa91d1efff monitored = 0 entry_point = 0x7ffa91c7edd0 region_type = mapped_file name = "appcontracts.dll" filename = "\\Windows\\System32\\AppContracts.dll" (normalized: "c:\\windows\\system32\\appcontracts.dll") Region: id = 724 start_va = 0x7ffa91d20000 end_va = 0x7ffa91d2efff monitored = 0 entry_point = 0x7ffa91d22640 region_type = mapped_file name = "notificationplatformcomponent.dll" filename = "\\Windows\\System32\\notificationplatformcomponent.dll" (normalized: "c:\\windows\\system32\\notificationplatformcomponent.dll") Region: id = 725 start_va = 0x7ffa91e50000 end_va = 0x7ffa91ff4fff monitored = 0 entry_point = 0x7ffa91e9de70 region_type = mapped_file name = "windowmanagement.dll" filename = "\\Windows\\System32\\WindowManagement.dll" (normalized: "c:\\windows\\system32\\windowmanagement.dll") Region: id = 726 start_va = 0x7ffa92190000 end_va = 0x7ffa921a7fff monitored = 0 entry_point = 0x7ffa92191bf0 region_type = mapped_file name = "execmodelproxy.dll" filename = "\\Windows\\System32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll") Region: id = 727 start_va = 0x7ffa928a0000 end_va = 0x7ffa928f8fff monitored = 0 entry_point = 0x7ffa928adaa0 region_type = mapped_file name = "execmodelclient.dll" filename = "\\Windows\\System32\\ExecModelClient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll") Region: id = 728 start_va = 0x7ffa92900000 end_va = 0x7ffa9297cfff monitored = 0 entry_point = 0x7ffa9291ccd0 region_type = mapped_file name = "modernexecserver.dll" filename = "\\Windows\\System32\\modernexecserver.dll" (normalized: "c:\\windows\\system32\\modernexecserver.dll") Region: id = 729 start_va = 0x7ffa92b60000 end_va = 0x7ffa92b7dfff monitored = 0 entry_point = 0x7ffa92b6fd70 region_type = mapped_file name = "coreshellextframework.dll" filename = "\\Windows\\System32\\CoreShellExtFramework.dll" (normalized: "c:\\windows\\system32\\coreshellextframework.dll") Region: id = 730 start_va = 0x7ffa92b80000 end_va = 0x7ffa92b8afff monitored = 0 entry_point = 0x7ffa92b83070 region_type = mapped_file name = "fltlib.dll" filename = "\\Windows\\System32\\fltLib.dll" (normalized: "c:\\windows\\system32\\fltlib.dll") Region: id = 731 start_va = 0x7ffa92b90000 end_va = 0x7ffa92c3dfff monitored = 0 entry_point = 0x7ffa92bff9d0 region_type = mapped_file name = "daxexec.dll" filename = "\\Windows\\System32\\daxexec.dll" (normalized: "c:\\windows\\system32\\daxexec.dll") Region: id = 732 start_va = 0x7ffa92d30000 end_va = 0x7ffa92d57fff monitored = 0 entry_point = 0x7ffa92d32cd0 region_type = mapped_file name = "appointmentactivation.dll" filename = "\\Windows\\System32\\AppointmentActivation.dll" (normalized: "c:\\windows\\system32\\appointmentactivation.dll") Region: id = 733 start_va = 0x7ffa92d60000 end_va = 0x7ffa92e25fff monitored = 0 entry_point = 0x7ffa92d87770 region_type = mapped_file name = "activationmanager.dll" filename = "\\Windows\\System32\\ActivationManager.dll" (normalized: "c:\\windows\\system32\\activationmanager.dll") Region: id = 734 start_va = 0x7ffa92e30000 end_va = 0x7ffa92e6bfff monitored = 0 entry_point = 0x7ffa92e36a40 region_type = mapped_file name = "clipboardserver.dll" filename = "\\Windows\\System32\\ClipboardServer.dll" (normalized: "c:\\windows\\system32\\clipboardserver.dll") Region: id = 735 start_va = 0x7ffa939a0000 end_va = 0x7ffa939bcfff monitored = 0 entry_point = 0x7ffa939a6080 region_type = mapped_file name = "windows.shell.servicehostbuilder.dll" filename = "\\Windows\\System32\\Windows.Shell.ServiceHostBuilder.dll" (normalized: "c:\\windows\\system32\\windows.shell.servicehostbuilder.dll") Region: id = 736 start_va = 0x7ffa939c0000 end_va = 0x7ffa939dffff monitored = 0 entry_point = 0x7ffa939c44b0 region_type = mapped_file name = "desktopshellext.dll" filename = "\\Windows\\System32\\DesktopShellExt.dll" (normalized: "c:\\windows\\system32\\desktopshellext.dll") Region: id = 737 start_va = 0x7ffa93a70000 end_va = 0x7ffa93a8cfff monitored = 0 entry_point = 0x7ffa93a728d0 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 738 start_va = 0x7ffa93f00000 end_va = 0x7ffa93f7cfff monitored = 0 entry_point = 0x7ffa93f03a80 region_type = mapped_file name = "onecorecommonproxystub.dll" filename = "\\Windows\\System32\\OneCoreCommonProxyStub.dll" (normalized: "c:\\windows\\system32\\onecorecommonproxystub.dll") Region: id = 739 start_va = 0x7ffa95820000 end_va = 0x7ffa95b4afff monitored = 0 entry_point = 0x7ffa958baa20 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 740 start_va = 0x7ffa97590000 end_va = 0x7ffa975a0fff monitored = 0 entry_point = 0x7ffa97593900 region_type = mapped_file name = "windows.staterepositorycore.dll" filename = "\\Windows\\System32\\Windows.StateRepositoryCore.dll" (normalized: "c:\\windows\\system32\\windows.staterepositorycore.dll") Region: id = 741 start_va = 0x7ffa980d0000 end_va = 0x7ffa9824ffff monitored = 0 entry_point = 0x7ffa980f7430 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 742 start_va = 0x7ffa98aa0000 end_va = 0x7ffa98b24fff monitored = 0 entry_point = 0x7ffa98ac0b70 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 743 start_va = 0x7ffa9b670000 end_va = 0x7ffa9b7c0fff monitored = 0 entry_point = 0x7ffa9b688050 region_type = mapped_file name = "inputhost.dll" filename = "\\Windows\\System32\\InputHost.dll" (normalized: "c:\\windows\\system32\\inputhost.dll") Region: id = 744 start_va = 0x7ffa9bc60000 end_va = 0x7ffa9bcb3fff monitored = 0 entry_point = 0x7ffa9bc6dee0 region_type = mapped_file name = "usermgrproxy.dll" filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll") Region: id = 745 start_va = 0x7ffa9bcc0000 end_va = 0x7ffa9bdb7fff monitored = 0 entry_point = 0x7ffa9bcd73e0 region_type = mapped_file name = "appxdeploymentclient.dll" filename = "\\Windows\\System32\\AppXDeploymentClient.dll" (normalized: "c:\\windows\\system32\\appxdeploymentclient.dll") Region: id = 746 start_va = 0x7ffa9d180000 end_va = 0x7ffa9d195fff monitored = 0 entry_point = 0x7ffa9d184250 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 747 start_va = 0x7ffa9d360000 end_va = 0x7ffa9daf0fff monitored = 0 entry_point = 0x7ffa9d375f30 region_type = mapped_file name = "onecoreuapcommonproxystub.dll" filename = "\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll" (normalized: "c:\\windows\\system32\\onecoreuapcommonproxystub.dll") Region: id = 748 start_va = 0x7ffa9df50000 end_va = 0x7ffa9e151fff monitored = 0 entry_point = 0x7ffa9dfbd800 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 749 start_va = 0x7ffa9f4e0000 end_va = 0x7ffa9f5d4fff monitored = 0 entry_point = 0x7ffa9f522860 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 750 start_va = 0x7ffa9f640000 end_va = 0x7ffa9f653fff monitored = 0 entry_point = 0x7ffa9f6428c0 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 751 start_va = 0x7ffa9f870000 end_va = 0x7ffa9f9c5fff monitored = 0 entry_point = 0x7ffa9f89b240 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 752 start_va = 0x7ffa9ff40000 end_va = 0x7ffaa0299fff monitored = 0 entry_point = 0x7ffa9ffc2d50 region_type = mapped_file name = "coreuicomponents.dll" filename = "\\Windows\\System32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll") Region: id = 753 start_va = 0x7ffaa02a0000 end_va = 0x7ffaa0391fff monitored = 0 entry_point = 0x7ffaa02f70f0 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 754 start_va = 0x7ffaa05a0000 end_va = 0x7ffaa063efff monitored = 0 entry_point = 0x7ffaa05c9120 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 755 start_va = 0x7ffaa0850000 end_va = 0x7ffaa0879fff monitored = 0 entry_point = 0x7ffaa0859e30 region_type = mapped_file name = "rmclient.dll" filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll") Region: id = 756 start_va = 0x7ffaa0a60000 end_va = 0x7ffaa0a72fff monitored = 0 entry_point = 0x7ffaa0a63f60 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 757 start_va = 0x7ffaa0c60000 end_va = 0x7ffaa13e9fff monitored = 0 entry_point = 0x7ffaa0e1c050 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 758 start_va = 0x7ffaa1940000 end_va = 0x7ffaa1972fff monitored = 0 entry_point = 0x7ffaa1946930 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 759 start_va = 0x7ffaa1c10000 end_va = 0x7ffaa1c99fff monitored = 0 entry_point = 0x7ffaa1c55870 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 760 start_va = 0x7ffaa1ed0000 end_va = 0x7ffaa1f0afff monitored = 0 entry_point = 0x7ffaa1eda620 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 761 start_va = 0x7ffaa2250000 end_va = 0x7ffaa2264fff monitored = 0 entry_point = 0x7ffaa2258620 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 762 start_va = 0x7ffaa2460000 end_va = 0x7ffaa24b9fff monitored = 0 entry_point = 0x7ffaa246b770 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 763 start_va = 0x7ffaa24c0000 end_va = 0x7ffaa24eafff monitored = 0 entry_point = 0x7ffaa24c2db0 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\System32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll") Region: id = 764 start_va = 0x7ffaa2800000 end_va = 0x7ffaa282bfff monitored = 0 entry_point = 0x7ffaa2807370 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 765 start_va = 0x7ffaa2850000 end_va = 0x7ffaa2861fff monitored = 0 entry_point = 0x7ffaa2853e30 region_type = mapped_file name = "umpdc.dll" filename = "\\Windows\\System32\\umpdc.dll" (normalized: "c:\\windows\\system32\\umpdc.dll") Region: id = 766 start_va = 0x7ffaa2870000 end_va = 0x7ffaa28bafff monitored = 0 entry_point = 0x7ffaa2873480 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 767 start_va = 0x7ffaa2970000 end_va = 0x7ffaa299dfff monitored = 0 entry_point = 0x7ffaa2974f10 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 768 start_va = 0x7ffaa29f0000 end_va = 0x7ffaa2a0efff monitored = 0 entry_point = 0x7ffaa29f8ca0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 769 start_va = 0x7ffaa2ab0000 end_va = 0x7ffaa2ad6fff monitored = 0 entry_point = 0x7ffaa2ab8690 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 770 start_va = 0x7ffaa2ae0000 end_va = 0x7ffaa2be9fff monitored = 0 entry_point = 0x7ffaa2b11300 region_type = mapped_file name = "gdi32full.dll" filename = "\\Windows\\System32\\gdi32full.dll" (normalized: "c:\\windows\\system32\\gdi32full.dll") Region: id = 771 start_va = 0x7ffaa2d50000 end_va = 0x7ffaa2e4ffff monitored = 0 entry_point = 0x7ffaa2d65ac0 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 772 start_va = 0x7ffaa2e50000 end_va = 0x7ffaa2ecefff monitored = 0 entry_point = 0x7ffaa2e873e0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 773 start_va = 0x7ffaa2ed0000 end_va = 0x7ffaa2f1cfff monitored = 0 entry_point = 0x7ffaa2ee3280 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 774 start_va = 0x7ffaa2f20000 end_va = 0x7ffaa2f41fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "win32u.dll" filename = "\\Windows\\System32\\win32u.dll" (normalized: "c:\\windows\\system32\\win32u.dll") Region: id = 775 start_va = 0x7ffaa2f50000 end_va = 0x7ffaa2fecfff monitored = 0 entry_point = 0x7ffaa2f65390 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll") Region: id = 776 start_va = 0x7ffaa2ff0000 end_va = 0x7ffaa32b6fff monitored = 0 entry_point = 0x7ffaa3001bd0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 777 start_va = 0x7ffaa3430000 end_va = 0x7ffaa34ddfff monitored = 0 entry_point = 0x7ffaa346b940 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 778 start_va = 0x7ffaa3540000 end_va = 0x7ffaa35dafff monitored = 0 entry_point = 0x7ffaa355c3e0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 779 start_va = 0x7ffaa35e0000 end_va = 0x7ffaa3634fff monitored = 0 entry_point = 0x7ffaa35ea7e0 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 780 start_va = 0x7ffaa36e0000 end_va = 0x7ffaa387ffff monitored = 0 entry_point = 0x7ffaa36f7a10 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 781 start_va = 0x7ffaa3a50000 end_va = 0x7ffaa3b0cfff monitored = 0 entry_point = 0x7ffaa3a67070 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 782 start_va = 0x7ffaa3ca0000 end_va = 0x7ffaa3d3dfff monitored = 0 entry_point = 0x7ffaa3ca7850 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 783 start_va = 0x7ffaa3d40000 end_va = 0x7ffaa3e14fff monitored = 0 entry_point = 0x7ffaa3d5d190 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 784 start_va = 0x7ffaa3e20000 end_va = 0x7ffaa3e4ffff monitored = 0 entry_point = 0x7ffaa3e214d0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 785 start_va = 0x7ffaa3e50000 end_va = 0x7ffaa3f72fff monitored = 0 entry_point = 0x7ffaa3eada30 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 786 start_va = 0x7ffaa3f80000 end_va = 0x7ffaa42d3fff monitored = 0 entry_point = 0x7ffaa4071d00 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 787 start_va = 0x7ffaa4760000 end_va = 0x7ffaa4789fff monitored = 0 entry_point = 0x7ffaa47648d0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 788 start_va = 0x7ffaa4790000 end_va = 0x7ffaa47fafff monitored = 0 entry_point = 0x7ffaa47a4300 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 789 start_va = 0x7ffaa4800000 end_va = 0x7ffaa4928fff monitored = 0 entry_point = 0x7ffaa4826140 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 790 start_va = 0x7ffaa50f0000 end_va = 0x7ffaa5197fff monitored = 0 entry_point = 0x7ffaa510d990 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 791 start_va = 0x7ffaa51a0000 end_va = 0x7ffaa5249fff monitored = 0 entry_point = 0x7ffaa51b5470 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 792 start_va = 0x7ffaa5370000 end_va = 0x7ffaa5563fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 794 start_va = 0x7ffa9a2a0000 end_va = 0x7ffa9a54dfff monitored = 0 entry_point = 0x7ffa9a2d69a0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Thread: id = 14 os_tid = 0x1758 Thread: id = 15 os_tid = 0x1780 Thread: id = 16 os_tid = 0xc94 Thread: id = 17 os_tid = 0xb7c Thread: id = 18 os_tid = 0x9c8 Thread: id = 19 os_tid = 0x98c Thread: id = 20 os_tid = 0x988 Thread: id = 21 os_tid = 0x908 Thread: id = 22 os_tid = 0x88c Process: id = "3" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x429fb000" os_pid = "0x64c" os_integrity_level = "0x4000" os_privileges = "0x260914080" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x25c" cmd_line = "C:\\Windows\\system32\\svchost.exe -k appmodel -p" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "S-1-5-80-3369530244-1263555520-1552818992-544823788-1590281562" [0xa], "NT SERVICE\\EntAppSvc" [0xa], "NT SERVICE\\StateRepository" [0xe], "NT SERVICE\\WalletService" [0xa], "NT AUTHORITY\\Logon Session 00000000:000122a5" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 808 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 809 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 810 start_va = 0x30000 end_va = 0x4cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 811 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 812 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 813 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 814 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 815 start_va = 0x100000 end_va = 0x108fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 816 start_va = 0x110000 end_va = 0x1d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 817 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 818 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 819 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 820 start_va = 0x400000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 821 start_va = 0x680000 end_va = 0x688fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 822 start_va = 0x690000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 823 start_va = 0x890000 end_va = 0x897fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 824 start_va = 0x8a0000 end_va = 0xa20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 825 start_va = 0xa30000 end_va = 0xaf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a30000" filename = "" Region: id = 826 start_va = 0xb00000 end_va = 0xb00fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 827 start_va = 0xb10000 end_va = 0xb18fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 828 start_va = 0xb30000 end_va = 0xb30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b30000" filename = "" Region: id = 829 start_va = 0xb40000 end_va = 0xb40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b40000" filename = "" Region: id = 830 start_va = 0xb50000 end_va = 0xb57fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "staterepository-machine.srd-shm" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\StateRepository-Machine.srd-shm" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\staterepository-machine.srd-shm") Region: id = 831 start_va = 0xb60000 end_va = 0xb60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b60000" filename = "" Region: id = 832 start_va = 0xb70000 end_va = 0xb70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b70000" filename = "" Region: id = 833 start_va = 0xc00000 end_va = 0xdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 834 start_va = 0xf00000 end_va = 0xffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f00000" filename = "" Region: id = 835 start_va = 0x1000000 end_va = 0x11fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 836 start_va = 0x1200000 end_va = 0x13fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 837 start_va = 0x1500000 end_va = 0x15fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001500000" filename = "" Region: id = 838 start_va = 0x1700000 end_va = 0x17fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001700000" filename = "" Region: id = 839 start_va = 0x1800000 end_va = 0x18fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001800000" filename = "" Region: id = 840 start_va = 0x1a00000 end_va = 0x1bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a00000" filename = "" Region: id = 841 start_va = 0x1c00000 end_va = 0x1d3efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 842 start_va = 0x7ffe0000 end_va = 0x7ffe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 843 start_va = 0x7ff4fde90000 end_va = 0x7ff4fdf8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff4fde90000" filename = "" Region: id = 844 start_va = 0x7ff4fdf90000 end_va = 0x7ff5fdfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff4fdf90000" filename = "" Region: id = 845 start_va = 0x7ff5fdfb0000 end_va = 0x7ff5fffb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff5fdfb0000" filename = "" Region: id = 846 start_va = 0x7ff5fffc0000 end_va = 0x7ff5fffc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffc0000" filename = "" Region: id = 847 start_va = 0x7ff5fffd0000 end_va = 0x7ff5ffff2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffd0000" filename = "" Region: id = 848 start_va = 0x7ff6c2b20000 end_va = 0x7ff6c2b30fff monitored = 0 entry_point = 0x7ff6c2b24e80 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 849 start_va = 0x7ffa8b370000 end_va = 0x7ffa8b3d3fff monitored = 0 entry_point = 0x7ffa8b3b13a0 region_type = mapped_file name = "capabilityaccessmanager.dll" filename = "\\Windows\\System32\\CapabilityAccessManager.dll" (normalized: "c:\\windows\\system32\\capabilityaccessmanager.dll") Region: id = 850 start_va = 0x7ffa8d490000 end_va = 0x7ffa8d4e0fff monitored = 0 entry_point = 0x7ffa8d4c2fd0 region_type = mapped_file name = "capauthz.dll" filename = "\\Windows\\System32\\capauthz.dll" (normalized: "c:\\windows\\system32\\capauthz.dll") Region: id = 851 start_va = 0x7ffa97250000 end_va = 0x7ffa97395fff monitored = 0 entry_point = 0x7ffa97257620 region_type = mapped_file name = "windows.staterepositoryps.dll" filename = "\\Windows\\System32\\Windows.StateRepositoryPS.dll" (normalized: "c:\\windows\\system32\\windows.staterepositoryps.dll") Region: id = 852 start_va = 0x7ffa97590000 end_va = 0x7ffa975a0fff monitored = 0 entry_point = 0x7ffa97593900 region_type = mapped_file name = "windows.staterepositorycore.dll" filename = "\\Windows\\System32\\Windows.StateRepositoryCore.dll" (normalized: "c:\\windows\\system32\\windows.staterepositorycore.dll") Region: id = 853 start_va = 0x7ffa976a0000 end_va = 0x7ffa97750fff monitored = 0 entry_point = 0x7ffa976e6e10 region_type = mapped_file name = "staterepository.core.dll" filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll") Region: id = 854 start_va = 0x7ffa97760000 end_va = 0x7ffa97ce5fff monitored = 0 entry_point = 0x7ffa977b7790 region_type = mapped_file name = "windows.staterepository.dll" filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll") Region: id = 855 start_va = 0x7ffa9bbc0000 end_va = 0x7ffa9bc52fff monitored = 0 entry_point = 0x7ffa9bbc9e10 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 856 start_va = 0x7ffa9f870000 end_va = 0x7ffa9f9c5fff monitored = 0 entry_point = 0x7ffa9f89b240 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 857 start_va = 0x7ffaa0a60000 end_va = 0x7ffaa0a72fff monitored = 0 entry_point = 0x7ffaa0a63f60 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 858 start_va = 0x7ffaa1c10000 end_va = 0x7ffaa1c99fff monitored = 0 entry_point = 0x7ffaa1c55870 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 859 start_va = 0x7ffaa24c0000 end_va = 0x7ffaa24eafff monitored = 0 entry_point = 0x7ffaa24c2db0 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\System32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll") Region: id = 860 start_va = 0x7ffaa2640000 end_va = 0x7ffaa2651fff monitored = 0 entry_point = 0x7ffaa26455f0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 861 start_va = 0x7ffaa2ab0000 end_va = 0x7ffaa2ad6fff monitored = 0 entry_point = 0x7ffaa2ab8690 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 862 start_va = 0x7ffaa2ae0000 end_va = 0x7ffaa2be9fff monitored = 0 entry_point = 0x7ffaa2b11300 region_type = mapped_file name = "gdi32full.dll" filename = "\\Windows\\System32\\gdi32full.dll" (normalized: "c:\\windows\\system32\\gdi32full.dll") Region: id = 863 start_va = 0x7ffaa2bf0000 end_va = 0x7ffaa2d4cfff monitored = 0 entry_point = 0x7ffaa2c3efa0 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 864 start_va = 0x7ffaa2d50000 end_va = 0x7ffaa2e4ffff monitored = 0 entry_point = 0x7ffaa2d65ac0 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 865 start_va = 0x7ffaa2e50000 end_va = 0x7ffaa2ecefff monitored = 0 entry_point = 0x7ffaa2e873e0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 866 start_va = 0x7ffaa2f20000 end_va = 0x7ffaa2f41fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "win32u.dll" filename = "\\Windows\\System32\\win32u.dll" (normalized: "c:\\windows\\system32\\win32u.dll") Region: id = 867 start_va = 0x7ffaa2f50000 end_va = 0x7ffaa2fecfff monitored = 0 entry_point = 0x7ffaa2f65390 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll") Region: id = 868 start_va = 0x7ffaa2ff0000 end_va = 0x7ffaa32b6fff monitored = 0 entry_point = 0x7ffaa3001bd0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 869 start_va = 0x7ffaa32c0000 end_va = 0x7ffaa331ffff monitored = 0 entry_point = 0x7ffaa32d0380 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 870 start_va = 0x7ffaa3430000 end_va = 0x7ffaa34ddfff monitored = 0 entry_point = 0x7ffaa346b940 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 871 start_va = 0x7ffaa3540000 end_va = 0x7ffaa35dafff monitored = 0 entry_point = 0x7ffaa355c3e0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 872 start_va = 0x7ffaa36e0000 end_va = 0x7ffaa387ffff monitored = 0 entry_point = 0x7ffaa36f7a10 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 873 start_va = 0x7ffaa3a50000 end_va = 0x7ffaa3b0cfff monitored = 0 entry_point = 0x7ffaa3a67070 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 874 start_va = 0x7ffaa3ca0000 end_va = 0x7ffaa3d3dfff monitored = 0 entry_point = 0x7ffaa3ca7850 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 875 start_va = 0x7ffaa3d40000 end_va = 0x7ffaa3e14fff monitored = 0 entry_point = 0x7ffaa3d5d190 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 876 start_va = 0x7ffaa3e50000 end_va = 0x7ffaa3f72fff monitored = 0 entry_point = 0x7ffaa3eada30 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 877 start_va = 0x7ffaa3f80000 end_va = 0x7ffaa42d3fff monitored = 0 entry_point = 0x7ffaa4071d00 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 878 start_va = 0x7ffaa4760000 end_va = 0x7ffaa4789fff monitored = 0 entry_point = 0x7ffaa47648d0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 879 start_va = 0x7ffaa50f0000 end_va = 0x7ffaa5197fff monitored = 0 entry_point = 0x7ffaa510d990 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 880 start_va = 0x7ffaa51a0000 end_va = 0x7ffaa5249fff monitored = 0 entry_point = 0x7ffaa51b5470 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 881 start_va = 0x7ffaa5370000 end_va = 0x7ffaa5563fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 894 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 895 start_va = 0xe00000 end_va = 0xefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 1622 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1624 start_va = 0x1400000 end_va = 0x14fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001400000" filename = "" Region: id = 1740 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1751 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1752 start_va = 0x1600000 end_va = 0x16fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001600000" filename = "" Region: id = 1753 start_va = 0x1900000 end_va = 0x19fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001900000" filename = "" Region: id = 1754 start_va = 0x7ffa88280000 end_va = 0x7ffa882befff monitored = 0 entry_point = 0x7ffa8829e5f0 region_type = mapped_file name = "capabilityaccessmanagerclient.dll" filename = "\\Windows\\System32\\CapabilityAccessManagerClient.dll" (normalized: "c:\\windows\\system32\\capabilityaccessmanagerclient.dll") Region: id = 1755 start_va = 0x7ffa82f60000 end_va = 0x7ffa83196fff monitored = 0 entry_point = 0x7ffa830a0970 region_type = mapped_file name = "windows.devices.bluetooth.dll" filename = "\\Windows\\System32\\Windows.Devices.Bluetooth.dll" (normalized: "c:\\windows\\system32\\windows.devices.bluetooth.dll") Region: id = 1756 start_va = 0x600000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 1757 start_va = 0x7ffaa2ed0000 end_va = 0x7ffaa2f1cfff monitored = 0 entry_point = 0x7ffaa2ee3280 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1758 start_va = 0x7ffaa4790000 end_va = 0x7ffaa47fafff monitored = 0 entry_point = 0x7ffaa47a4300 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1759 start_va = 0x7ffa97fe0000 end_va = 0x7ffa98017fff monitored = 0 entry_point = 0x7ffa97fe2200 region_type = mapped_file name = "windows.networking.hostname.dll" filename = "\\Windows\\System32\\Windows.Networking.HostName.dll" (normalized: "c:\\windows\\system32\\windows.networking.hostname.dll") Region: id = 1760 start_va = 0x7ffa8cc20000 end_va = 0x7ffa8cc72fff monitored = 0 entry_point = 0x7ffa8cc30bd0 region_type = mapped_file name = "biwinrt.dll" filename = "\\Windows\\System32\\biwinrt.dll" (normalized: "c:\\windows\\system32\\biwinrt.dll") Region: id = 1761 start_va = 0x7ffa87d60000 end_va = 0x7ffa87e51fff monitored = 0 entry_point = 0x7ffa87decb50 region_type = mapped_file name = "windows.networking.dll" filename = "\\Windows\\System32\\Windows.Networking.dll" (normalized: "c:\\windows\\system32\\windows.networking.dll") Region: id = 1762 start_va = 0x7ffa92c70000 end_va = 0x7ffa92d27fff monitored = 0 entry_point = 0x7ffa92c7d870 region_type = mapped_file name = "windows.networking.connectivity.dll" filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll") Region: id = 1763 start_va = 0x7ffaa18a0000 end_va = 0x7ffaa1932fff monitored = 0 entry_point = 0x7ffaa18a8f80 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 1764 start_va = 0x7ffaa1f20000 end_va = 0x7ffaa1fe9fff monitored = 0 entry_point = 0x7ffaa1f4bc80 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1765 start_va = 0x7ffaa1ed0000 end_va = 0x7ffaa1f0afff monitored = 0 entry_point = 0x7ffaa1eda620 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1766 start_va = 0x7ffaa3c30000 end_va = 0x7ffaa3c38fff monitored = 0 entry_point = 0x7ffaa3c32020 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1767 start_va = 0x7ffaa1870000 end_va = 0x7ffaa189efff monitored = 0 entry_point = 0x7ffaa18772e0 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 1768 start_va = 0x7ffa9be30000 end_va = 0x7ffa9be3ffff monitored = 0 entry_point = 0x7ffa9be360a0 region_type = mapped_file name = "cellulardatacapabilityhandler.dll" filename = "\\Windows\\System32\\cellulardatacapabilityhandler.dll" (normalized: "c:\\windows\\system32\\cellulardatacapabilityhandler.dll") Region: id = 1769 start_va = 0x7ffa98080000 end_va = 0x7ffa98093fff monitored = 0 entry_point = 0x7ffa98089810 region_type = mapped_file name = "capabilityaccesshandlers.dll" filename = "\\Windows\\System32\\CapabilityAccessHandlers.dll" (normalized: "c:\\windows\\system32\\capabilityaccesshandlers.dll") Region: id = 1770 start_va = 0x7ffa980d0000 end_va = 0x7ffa9824ffff monitored = 0 entry_point = 0x7ffa980f7430 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 1771 start_va = 0x7ffa98aa0000 end_va = 0x7ffa98b24fff monitored = 0 entry_point = 0x7ffa98ac0b70 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 1772 start_va = 0x7ffaa2870000 end_va = 0x7ffaa28bafff monitored = 0 entry_point = 0x7ffaa2873480 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1773 start_va = 0x7ffaa2800000 end_va = 0x7ffaa282bfff monitored = 0 entry_point = 0x7ffaa2807370 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1774 start_va = 0x7ffaa2850000 end_va = 0x7ffaa2861fff monitored = 0 entry_point = 0x7ffaa2853e30 region_type = mapped_file name = "umpdc.dll" filename = "\\Windows\\System32\\umpdc.dll" (normalized: "c:\\windows\\system32\\umpdc.dll") Region: id = 1775 start_va = 0x7ffa98070000 end_va = 0x7ffa9807ffff monitored = 0 entry_point = 0x7ffa98076080 region_type = mapped_file name = "wifidatacapabilityhandler.dll" filename = "\\Windows\\System32\\wifidatacapabilityhandler.dll" (normalized: "c:\\windows\\system32\\wifidatacapabilityhandler.dll") Thread: id = 24 os_tid = 0x112c Thread: id = 25 os_tid = 0x464 Thread: id = 26 os_tid = 0x638 Thread: id = 27 os_tid = 0xad0 Thread: id = 28 os_tid = 0x650 Thread: id = 29 os_tid = 0x1108 Thread: id = 103 os_tid = 0x16f4 Thread: id = 117 os_tid = 0x167c Thread: id = 118 os_tid = 0xc4c Thread: id = 119 os_tid = 0x62c Process: id = "4" image_name = "openwith.exe" filename = "c:\\windows\\system32\\openwith.exe" page_root = "0x26597000" os_pid = "0x10fc" os_integrity_level = "0x3000" os_privileges = "0x60900000" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x30c" cmd_line = "C:\\Windows\\system32\\OpenWith.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "PXTHFFRYO7\\OqXZRaykm" bitness = "32" os_groups = "PXTHFFRYO7\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0001cfa9" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 900 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 901 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 902 start_va = 0x30000 end_va = 0x4cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 903 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 904 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 905 start_va = 0xe0000 end_va = 0xe1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 906 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 907 start_va = 0x100000 end_va = 0x1c8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 908 start_va = 0x1d0000 end_va = 0x1d7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 909 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "openwith.exe.mui" filename = "\\Windows\\System32\\en-US\\OpenWith.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\openwith.exe.mui") Region: id = 910 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 911 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 912 start_va = 0x400000 end_va = 0x406fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 913 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 914 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 915 start_va = 0x430000 end_va = 0x430fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 916 start_va = 0x440000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 917 start_va = 0x540000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 918 start_va = 0x5c0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 919 start_va = 0x7c0000 end_va = 0x940fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 920 start_va = 0x950000 end_va = 0x1d50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000950000" filename = "" Region: id = 921 start_va = 0x1d60000 end_va = 0x1d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d60000" filename = "" Region: id = 922 start_va = 0x1d70000 end_va = 0x1d71fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d70000" filename = "" Region: id = 923 start_va = 0x1d80000 end_va = 0x1d80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d80000" filename = "" Region: id = 924 start_va = 0x1d90000 end_va = 0x1e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d90000" filename = "" Region: id = 925 start_va = 0x1e10000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e10000" filename = "" Region: id = 926 start_va = 0x1e90000 end_va = 0x1f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 927 start_va = 0x1f20000 end_va = 0x1f20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f20000" filename = "" Region: id = 928 start_va = 0x7ffe0000 end_va = 0x7ffe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 929 start_va = 0x7ff4fde90000 end_va = 0x7ff4fdf8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff4fde90000" filename = "" Region: id = 930 start_va = 0x7ff4fdf90000 end_va = 0x7ff5fdfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff4fdf90000" filename = "" Region: id = 931 start_va = 0x7ff5fdfb0000 end_va = 0x7ff5fffb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff5fdfb0000" filename = "" Region: id = 932 start_va = 0x7ff5fffc0000 end_va = 0x7ff5fffc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffc0000" filename = "" Region: id = 933 start_va = 0x7ff5fffd0000 end_va = 0x7ff5ffff2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffd0000" filename = "" Region: id = 934 start_va = 0x7ff6131f0000 end_va = 0x7ff613211fff monitored = 1 entry_point = 0x7ff6131fc860 region_type = mapped_file name = "openwith.exe" filename = "\\Windows\\System32\\OpenWith.exe" (normalized: "c:\\windows\\system32\\openwith.exe") Region: id = 935 start_va = 0x7ffa90990000 end_va = 0x7ffa90c29fff monitored = 0 entry_point = 0x7ffa90a296c0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_b555e41d4684ddec\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_b555e41d4684ddec\\comctl32.dll") Region: id = 936 start_va = 0x7ffa9d360000 end_va = 0x7ffa9daf0fff monitored = 0 entry_point = 0x7ffa9d375f30 region_type = mapped_file name = "onecoreuapcommonproxystub.dll" filename = "\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll" (normalized: "c:\\windows\\system32\\onecoreuapcommonproxystub.dll") Region: id = 937 start_va = 0x7ffaa05a0000 end_va = 0x7ffaa063efff monitored = 0 entry_point = 0x7ffaa05c9120 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 938 start_va = 0x7ffaa0a60000 end_va = 0x7ffaa0a72fff monitored = 0 entry_point = 0x7ffaa0a63f60 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 939 start_va = 0x7ffaa2ae0000 end_va = 0x7ffaa2be9fff monitored = 0 entry_point = 0x7ffaa2b11300 region_type = mapped_file name = "gdi32full.dll" filename = "\\Windows\\System32\\gdi32full.dll" (normalized: "c:\\windows\\system32\\gdi32full.dll") Region: id = 940 start_va = 0x7ffaa2d50000 end_va = 0x7ffaa2e4ffff monitored = 0 entry_point = 0x7ffaa2d65ac0 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 941 start_va = 0x7ffaa2e50000 end_va = 0x7ffaa2ecefff monitored = 0 entry_point = 0x7ffaa2e873e0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 942 start_va = 0x7ffaa2f20000 end_va = 0x7ffaa2f41fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "win32u.dll" filename = "\\Windows\\System32\\win32u.dll" (normalized: "c:\\windows\\system32\\win32u.dll") Region: id = 943 start_va = 0x7ffaa2f50000 end_va = 0x7ffaa2fecfff monitored = 0 entry_point = 0x7ffaa2f65390 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll") Region: id = 944 start_va = 0x7ffaa2ff0000 end_va = 0x7ffaa32b6fff monitored = 0 entry_point = 0x7ffaa3001bd0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 945 start_va = 0x7ffaa3430000 end_va = 0x7ffaa34ddfff monitored = 0 entry_point = 0x7ffaa346b940 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 946 start_va = 0x7ffaa3540000 end_va = 0x7ffaa35dafff monitored = 0 entry_point = 0x7ffaa355c3e0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 947 start_va = 0x7ffaa35e0000 end_va = 0x7ffaa3634fff monitored = 0 entry_point = 0x7ffaa35ea7e0 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 948 start_va = 0x7ffaa36e0000 end_va = 0x7ffaa387ffff monitored = 0 entry_point = 0x7ffaa36f7a10 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 949 start_va = 0x7ffaa3a50000 end_va = 0x7ffaa3b0cfff monitored = 0 entry_point = 0x7ffaa3a67070 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 950 start_va = 0x7ffaa3ca0000 end_va = 0x7ffaa3d3dfff monitored = 0 entry_point = 0x7ffaa3ca7850 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 951 start_va = 0x7ffaa3e20000 end_va = 0x7ffaa3e4ffff monitored = 0 entry_point = 0x7ffaa3e214d0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 952 start_va = 0x7ffaa3e50000 end_va = 0x7ffaa3f72fff monitored = 0 entry_point = 0x7ffaa3eada30 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 953 start_va = 0x7ffaa3f80000 end_va = 0x7ffaa42d3fff monitored = 0 entry_point = 0x7ffaa4071d00 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 954 start_va = 0x7ffaa4760000 end_va = 0x7ffaa4789fff monitored = 0 entry_point = 0x7ffaa47648d0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 955 start_va = 0x7ffaa4800000 end_va = 0x7ffaa4928fff monitored = 0 entry_point = 0x7ffaa4826140 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 956 start_va = 0x7ffaa49b0000 end_va = 0x7ffaa50e0fff monitored = 0 entry_point = 0x7ffaa4abe6e0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 957 start_va = 0x7ffaa50f0000 end_va = 0x7ffaa5197fff monitored = 0 entry_point = 0x7ffaa510d990 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 958 start_va = 0x7ffaa51a0000 end_va = 0x7ffaa5249fff monitored = 0 entry_point = 0x7ffaa51b5470 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 959 start_va = 0x7ffaa5370000 end_va = 0x7ffaa5563fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 960 start_va = 0x7ffaa3d40000 end_va = 0x7ffaa3e14fff monitored = 0 entry_point = 0x7ffaa3d5d190 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 961 start_va = 0x7ffaa0c60000 end_va = 0x7ffaa13e9fff monitored = 0 entry_point = 0x7ffaa0e1c050 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 962 start_va = 0x7ffaa24c0000 end_va = 0x7ffaa24eafff monitored = 0 entry_point = 0x7ffaa24c2db0 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\System32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll") Region: id = 963 start_va = 0x1f30000 end_va = 0x2267fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 964 start_va = 0x1f10000 end_va = 0x1f10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f10000" filename = "" Region: id = 965 start_va = 0x2270000 end_va = 0x2270fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002270000" filename = "" Region: id = 966 start_va = 0x7ffa8efc0000 end_va = 0x7ffa8f5adfff monitored = 0 entry_point = 0x7ffa8f074e60 region_type = mapped_file name = "twinui.dll" filename = "\\Windows\\System32\\twinui.dll" (normalized: "c:\\windows\\system32\\twinui.dll") Region: id = 967 start_va = 0x7ffa9f870000 end_va = 0x7ffa9f9c5fff monitored = 0 entry_point = 0x7ffa9f89b240 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 968 start_va = 0x7ffaa2870000 end_va = 0x7ffaa28bafff monitored = 0 entry_point = 0x7ffaa2873480 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 969 start_va = 0x7ffaa0950000 end_va = 0x7ffaa097dfff monitored = 0 entry_point = 0x7ffaa09542d0 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 970 start_va = 0x7ffa8ef70000 end_va = 0x7ffa8efb8fff monitored = 0 entry_point = 0x7ffa8ef73550 region_type = mapped_file name = "pdh.dll" filename = "\\Windows\\System32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll") Region: id = 971 start_va = 0x7ffaa2850000 end_va = 0x7ffaa2861fff monitored = 0 entry_point = 0x7ffaa2853e30 region_type = mapped_file name = "umpdc.dll" filename = "\\Windows\\System32\\umpdc.dll" (normalized: "c:\\windows\\system32\\umpdc.dll") Region: id = 973 start_va = 0x7ffa93f00000 end_va = 0x7ffa93f7cfff monitored = 0 entry_point = 0x7ffa93f03a80 region_type = mapped_file name = "onecorecommonproxystub.dll" filename = "\\Windows\\System32\\OneCoreCommonProxyStub.dll" (normalized: "c:\\windows\\system32\\onecorecommonproxystub.dll") Region: id = 975 start_va = 0x7ffa9ce40000 end_va = 0x7ffa9cedffff monitored = 0 entry_point = 0x7ffa9ce44570 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 976 start_va = 0x2280000 end_va = 0x2280fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002280000" filename = "" Region: id = 978 start_va = 0x2290000 end_va = 0x2291fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002290000" filename = "" Region: id = 979 start_va = 0x7ffa939a0000 end_va = 0x7ffa939bcfff monitored = 0 entry_point = 0x7ffa939a6080 region_type = mapped_file name = "windows.shell.servicehostbuilder.dll" filename = "\\Windows\\System32\\Windows.Shell.ServiceHostBuilder.dll" (normalized: "c:\\windows\\system32\\windows.shell.servicehostbuilder.dll") Region: id = 984 start_va = 0x7ffa877a0000 end_va = 0x7ffa877e9fff monitored = 0 entry_point = 0x7ffa877cb440 region_type = mapped_file name = "windows.ui.appdefaults.dll" filename = "\\Windows\\System32\\Windows.UI.AppDefaults.dll" (normalized: "c:\\windows\\system32\\windows.ui.appdefaults.dll") Region: id = 985 start_va = 0x7ffa9a160000 end_va = 0x7ffa9a296fff monitored = 0 entry_point = 0x7ffa9a183b60 region_type = mapped_file name = "windows.ui.immersive.dll" filename = "\\Windows\\System32\\Windows.UI.Immersive.dll" (normalized: "c:\\windows\\system32\\windows.ui.immersive.dll") Region: id = 986 start_va = 0x22a0000 end_va = 0x22a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000022a0000" filename = "" Region: id = 1513 start_va = 0x22b0000 end_va = 0x22f6fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000022b0000" filename = "" Region: id = 1514 start_va = 0x7ffa8c7b0000 end_va = 0x7ffa8caa1fff monitored = 0 entry_point = 0x7ffa8c8105f0 region_type = mapped_file name = "uiautomationcore.dll" filename = "\\Windows\\System32\\UIAutomationCore.dll" (normalized: "c:\\windows\\system32\\uiautomationcore.dll") Region: id = 1515 start_va = 0x7ffa9f4e0000 end_va = 0x7ffa9f5d4fff monitored = 0 entry_point = 0x7ffa9f522860 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1516 start_va = 0x2300000 end_va = 0x2300fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002300000" filename = "" Region: id = 1517 start_va = 0x7ffa84f20000 end_va = 0x7ffa850cdfff monitored = 0 entry_point = 0x7ffa84f65290 region_type = mapped_file name = "dui70.dll" filename = "\\Windows\\System32\\dui70.dll" (normalized: "c:\\windows\\system32\\dui70.dll") Region: id = 1518 start_va = 0x2310000 end_va = 0x2311fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002310000" filename = "" Region: id = 1519 start_va = 0x7ffa84d90000 end_va = 0x7ffa84e24fff monitored = 0 entry_point = 0x7ffa84da5220 region_type = mapped_file name = "duser.dll" filename = "\\Windows\\System32\\duser.dll" (normalized: "c:\\windows\\system32\\duser.dll") Region: id = 1520 start_va = 0x2320000 end_va = 0x239ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 1521 start_va = 0x23a0000 end_va = 0x23a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023a0000" filename = "" Region: id = 1522 start_va = 0x23b0000 end_va = 0x2447fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windows.ui.immersive.dll.mun" filename = "\\Windows\\SystemResources\\Windows.UI.Immersive.dll.mun" (normalized: "c:\\windows\\systemresources\\windows.ui.immersive.dll.mun") Region: id = 1523 start_va = 0x2450000 end_va = 0x2450fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002450000" filename = "" Region: id = 1524 start_va = 0x2450000 end_va = 0x24cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002450000" filename = "" Region: id = 1525 start_va = 0x24d0000 end_va = 0x24d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024d0000" filename = "" Region: id = 1526 start_va = 0x24d0000 end_va = 0x24d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024d0000" filename = "" Region: id = 1527 start_va = 0x24d0000 end_va = 0x24d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dui70.dll.mui" filename = "\\Windows\\System32\\en-US\\dui70.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dui70.dll.mui") Region: id = 1528 start_va = 0x24e0000 end_va = 0x24e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windows.ui.immersive.dll.mui" filename = "\\Windows\\System32\\en-US\\Windows.UI.Immersive.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\windows.ui.immersive.dll.mui") Region: id = 1529 start_va = 0x7ffaa3b10000 end_va = 0x7ffaa3c24fff monitored = 0 entry_point = 0x7ffaa3b4eb60 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1530 start_va = 0x24f0000 end_va = 0x24f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024f0000" filename = "" Region: id = 1531 start_va = 0x2500000 end_va = 0x257ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 1532 start_va = 0x2580000 end_va = 0x2580fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002580000" filename = "" Region: id = 1533 start_va = 0x2580000 end_va = 0x2580fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002580000" filename = "" Region: id = 1534 start_va = 0x7ffa99c80000 end_va = 0x7ffa99efdfff monitored = 0 entry_point = 0x7ffa99d173a0 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\System32\\DWrite.dll" (normalized: "c:\\windows\\system32\\dwrite.dll") Region: id = 1535 start_va = 0x2580000 end_va = 0x267ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 1536 start_va = 0x7ffa9b610000 end_va = 0x7ffa9b63cfff monitored = 0 entry_point = 0x7ffa9b617cd0 region_type = mapped_file name = "bcp47mrm.dll" filename = "\\Windows\\System32\\BCP47mrm.dll" (normalized: "c:\\windows\\system32\\bcp47mrm.dll") Region: id = 1537 start_va = 0x7ffa9dc40000 end_va = 0x7ffa9dc86fff monitored = 0 entry_point = 0x7ffa9dc530b0 region_type = mapped_file name = "uianimation.dll" filename = "\\Windows\\System32\\UIAnimation.dll" (normalized: "c:\\windows\\system32\\uianimation.dll") Region: id = 1538 start_va = 0x7ffa9e820000 end_va = 0x7ffa9ea82fff monitored = 0 entry_point = 0x7ffa9e89b0b0 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll") Region: id = 1539 start_va = 0x7ffaa1430000 end_va = 0x7ffaa1522fff monitored = 0 entry_point = 0x7ffaa14544d0 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 1540 start_va = 0x7ffa9c270000 end_va = 0x7ffa9c965fff monitored = 0 entry_point = 0x7ffa9c80ec40 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\System32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll") Region: id = 1541 start_va = 0x7ffaa0680000 end_va = 0x7ffaa0693fff monitored = 0 entry_point = 0x7ffaa0684280 region_type = mapped_file name = "resourcepolicyclient.dll" filename = "\\Windows\\System32\\ResourcePolicyClient.dll" (normalized: "c:\\windows\\system32\\resourcepolicyclient.dll") Region: id = 1542 start_va = 0x2680000 end_va = 0x2680fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002680000" filename = "" Region: id = 1543 start_va = 0x2690000 end_va = 0x2690fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002690000" filename = "" Region: id = 1544 start_va = 0x26a0000 end_va = 0x26a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026a0000" filename = "" Region: id = 1545 start_va = 0x26b0000 end_va = 0x26b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026b0000" filename = "" Region: id = 1546 start_va = 0x7ffa9c230000 end_va = 0x7ffa9c26afff monitored = 0 entry_point = 0x7ffa9c251b10 region_type = mapped_file name = "dxcore.dll" filename = "\\Windows\\System32\\DXCore.dll" (normalized: "c:\\windows\\system32\\dxcore.dll") Region: id = 1547 start_va = 0x7ffaa2ed0000 end_va = 0x7ffaa2f1cfff monitored = 0 entry_point = 0x7ffaa2ee3280 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1548 start_va = 0x26c0000 end_va = 0x27bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026c0000" filename = "" Region: id = 1549 start_va = 0x27c0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027c0000" filename = "" Region: id = 1550 start_va = 0x47c0000 end_va = 0x483ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 1551 start_va = 0x7ffa9f9d0000 end_va = 0x7ffa9fbb4fff monitored = 0 entry_point = 0x7ffa9fa2ddd0 region_type = mapped_file name = "dcomp.dll" filename = "\\Windows\\System32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll") Region: id = 1552 start_va = 0x4840000 end_va = 0x4840fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004840000" filename = "" Region: id = 1553 start_va = 0x4850000 end_va = 0x4850fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004850000" filename = "" Region: id = 1554 start_va = 0x4860000 end_va = 0x4860fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004860000" filename = "" Region: id = 1556 start_va = 0x4870000 end_va = 0x4918fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "twinui.dll.mun" filename = "\\Windows\\SystemResources\\twinui.dll.mun" (normalized: "c:\\windows\\systemresources\\twinui.dll.mun") Region: id = 1557 start_va = 0x4920000 end_va = 0x4920fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004920000" filename = "" Region: id = 1558 start_va = 0x4920000 end_va = 0x4932fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "twinui.dll.mui" filename = "\\Windows\\System32\\en-US\\twinui.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\twinui.dll.mui") Region: id = 1559 start_va = 0x7ffa901c0000 end_va = 0x7ffa90225fff monitored = 0 entry_point = 0x7ffa901ceb60 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll") Region: id = 1560 start_va = 0x4940000 end_va = 0x4941fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll") Region: id = 1561 start_va = 0x4950000 end_va = 0x4954fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll.mui" filename = "\\Windows\\System32\\en-US\\oleaccrc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\oleaccrc.dll.mui") Region: id = 1562 start_va = 0x7ffa8f800000 end_va = 0x7ffa8f823fff monitored = 0 entry_point = 0x7ffa8f801790 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\System32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll") Region: id = 1563 start_va = 0x4960000 end_va = 0x4960fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004960000" filename = "" Region: id = 1564 start_va = 0x7ffa9b8d0000 end_va = 0x7ffa9ba1bfff monitored = 0 entry_point = 0x7ffa9b901ac0 region_type = mapped_file name = "windows.ui.dll" filename = "\\Windows\\System32\\Windows.UI.dll" (normalized: "c:\\windows\\system32\\windows.ui.dll") Region: id = 1565 start_va = 0x7ffa9e160000 end_va = 0x7ffa9e200fff monitored = 0 entry_point = 0x7ffa9e1701b0 region_type = mapped_file name = "windowmanagementapi.dll" filename = "\\Windows\\System32\\WindowManagementAPI.dll" (normalized: "c:\\windows\\system32\\windowmanagementapi.dll") Region: id = 1566 start_va = 0x7ffa9b7d0000 end_va = 0x7ffa9b8cbfff monitored = 0 entry_point = 0x7ffa9b80ae50 region_type = mapped_file name = "textinputframework.dll" filename = "\\Windows\\System32\\TextInputFramework.dll" (normalized: "c:\\windows\\system32\\textinputframework.dll") Region: id = 1567 start_va = 0x7ffa9b670000 end_va = 0x7ffa9b7c0fff monitored = 0 entry_point = 0x7ffa9b688050 region_type = mapped_file name = "inputhost.dll" filename = "\\Windows\\System32\\InputHost.dll" (normalized: "c:\\windows\\system32\\inputhost.dll") Region: id = 1568 start_va = 0x7ffa9df50000 end_va = 0x7ffa9e151fff monitored = 0 entry_point = 0x7ffa9dfbd800 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 1569 start_va = 0x7ffaa02a0000 end_va = 0x7ffaa0391fff monitored = 0 entry_point = 0x7ffaa02f70f0 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 1570 start_va = 0x7ffaa4790000 end_va = 0x7ffaa47fafff monitored = 0 entry_point = 0x7ffaa47a4300 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1571 start_va = 0x7ffa9ff40000 end_va = 0x7ffaa0299fff monitored = 0 entry_point = 0x7ffa9ffc2d50 region_type = mapped_file name = "coreuicomponents.dll" filename = "\\Windows\\System32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll") Region: id = 1572 start_va = 0x7ffaa1940000 end_va = 0x7ffaa1972fff monitored = 0 entry_point = 0x7ffaa1946930 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1573 start_va = 0x4960000 end_va = 0x50a9fff monitored = 0 entry_point = 0x4a7b240 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll") Region: id = 1574 start_va = 0x50b0000 end_va = 0x525afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ieframe.dll.mui" filename = "\\Windows\\System32\\en-US\\ieframe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\ieframe.dll.mui") Region: id = 1575 start_va = 0x7ffaa04d0000 end_va = 0x7ffaa055ffff monitored = 0 entry_point = 0x7ffaa04e0880 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 1576 start_va = 0x7ffa91120000 end_va = 0x7ffa911affff monitored = 0 entry_point = 0x7ffa91182720 region_type = mapped_file name = "appresolver.dll" filename = "\\Windows\\System32\\AppResolver.dll" (normalized: "c:\\windows\\system32\\appresolver.dll") Region: id = 1577 start_va = 0x7ffa9bb60000 end_va = 0x7ffa9bbb9fff monitored = 0 entry_point = 0x7ffa9bb763c0 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 1578 start_va = 0x7ffaa16b0000 end_va = 0x7ffaa16d8fff monitored = 0 entry_point = 0x7ffaa16b1bd0 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 1579 start_va = 0x7ffaa2970000 end_va = 0x7ffaa299dfff monitored = 0 entry_point = 0x7ffaa2974f10 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1580 start_va = 0x7ffaa1680000 end_va = 0x7ffaa16a4fff monitored = 0 entry_point = 0x7ffaa1683920 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 1581 start_va = 0x4960000 end_va = 0x4963fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.3.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.3.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\cversions.3.db") Region: id = 1582 start_va = 0x4970000 end_va = 0x497efff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x000000000000001e.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000001e.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x000000000000001e.db") Region: id = 1583 start_va = 0x4980000 end_va = 0x4981fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004980000" filename = "" Region: id = 1584 start_va = 0x4990000 end_va = 0x49b3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004990000" filename = "" Region: id = 1585 start_va = 0x7ffa9dc90000 end_va = 0x7ffa9de43fff monitored = 0 entry_point = 0x7ffa9dd068b0 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 1586 start_va = 0x7ffaa2ab0000 end_va = 0x7ffaa2ad6fff monitored = 0 entry_point = 0x7ffaa2ab8690 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1587 start_va = 0x49c0000 end_va = 0x49c8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049c0000" filename = "" Region: id = 1588 start_va = 0x49d0000 end_va = 0x49f3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 1589 start_va = 0x4a00000 end_va = 0x4a08fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 1590 start_va = 0x4a10000 end_va = 0x4a10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a10000" filename = "" Region: id = 1591 start_va = 0x4a20000 end_va = 0x4b1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a20000" filename = "" Region: id = 1592 start_va = 0x4b20000 end_va = 0x4b25fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b20000" filename = "" Region: id = 1593 start_va = 0x7ffaa29f0000 end_va = 0x7ffaa2a0efff monitored = 0 entry_point = 0x7ffaa29f8ca0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1594 start_va = 0x4b30000 end_va = 0x4b30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b30000" filename = "" Region: id = 1595 start_va = 0x7ffa8f830000 end_va = 0x7ffa8f895fff monitored = 0 entry_point = 0x7ffa8f84d000 region_type = mapped_file name = "thumbcache.dll" filename = "\\Windows\\System32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll") Region: id = 1596 start_va = 0x4b40000 end_va = 0x4b47fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 1597 start_va = 0x4b50000 end_va = 0x4c4ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_32.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_32.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_32.db") Region: id = 1598 start_va = 0x4c50000 end_va = 0x4d1afff monitored = 0 entry_point = 0x4c52780 region_type = mapped_file name = "iexplore.exe" filename = "\\Program Files\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files\\internet explorer\\iexplore.exe") Region: id = 1599 start_va = 0x4d20000 end_va = 0x4d21fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iexplore.exe.mui" filename = "\\Program Files\\Internet Explorer\\en-US\\iexplore.exe.mui" (normalized: "c:\\program files\\internet explorer\\en-us\\iexplore.exe.mui") Region: id = 1600 start_va = 0x7ffa9bbc0000 end_va = 0x7ffa9bc52fff monitored = 0 entry_point = 0x7ffa9bbc9e10 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 1601 start_va = 0x7ffaa1c10000 end_va = 0x7ffaa1c99fff monitored = 0 entry_point = 0x7ffaa1c55870 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 1602 start_va = 0x4c50000 end_va = 0x4c50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c50000" filename = "" Region: id = 1603 start_va = 0x4c50000 end_va = 0x4c97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c50000" filename = "" Region: id = 1604 start_va = 0x4990000 end_va = 0x4990fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004990000" filename = "" Region: id = 1605 start_va = 0x49a0000 end_va = 0x49a3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.3.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.3.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\cversions.3.db") Region: id = 1606 start_va = 0x49b0000 end_va = 0x49b3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1607 start_va = 0x4ca0000 end_va = 0x4ce8fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000001.db") Region: id = 1608 start_va = 0x4b30000 end_va = 0x4b33fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1609 start_va = 0x4cf0000 end_va = 0x4d8bfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 1610 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 1611 start_va = 0x4da0000 end_va = 0x4e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1612 start_va = 0x4ea0000 end_va = 0x4ea0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ea0000" filename = "" Region: id = 1613 start_va = 0x4eb0000 end_va = 0x4eb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004eb0000" filename = "" Region: id = 1614 start_va = 0x4ec0000 end_va = 0x4ec3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 1615 start_va = 0x4ed0000 end_va = 0x4fcffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_32.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db") Region: id = 1616 start_va = 0x4eb0000 end_va = 0x4eb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004eb0000" filename = "" Region: id = 1617 start_va = 0x7ffa91d30000 end_va = 0x7ffa91dc8fff monitored = 0 entry_point = 0x7ffa91d3e1c0 region_type = mapped_file name = "tiledatarepository.dll" filename = "\\Windows\\System32\\TileDataRepository.dll" (normalized: "c:\\windows\\system32\\tiledatarepository.dll") Region: id = 1618 start_va = 0x7ffa976a0000 end_va = 0x7ffa97750fff monitored = 0 entry_point = 0x7ffa976e6e10 region_type = mapped_file name = "staterepository.core.dll" filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll") Region: id = 1619 start_va = 0x7ffa97760000 end_va = 0x7ffa97ce5fff monitored = 0 entry_point = 0x7ffa977b7790 region_type = mapped_file name = "windows.staterepository.dll" filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll") Region: id = 1620 start_va = 0x7ffa9f640000 end_va = 0x7ffa9f653fff monitored = 0 entry_point = 0x7ffa9f6428c0 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1621 start_va = 0x4ea0000 end_va = 0x4ea1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004ea0000" filename = "" Region: id = 1623 start_va = 0x7ffa97250000 end_va = 0x7ffa97395fff monitored = 0 entry_point = 0x7ffa97257620 region_type = mapped_file name = "windows.staterepositoryps.dll" filename = "\\Windows\\System32\\Windows.StateRepositoryPS.dll" (normalized: "c:\\windows\\system32\\windows.staterepositoryps.dll") Region: id = 1625 start_va = 0x7ffa97590000 end_va = 0x7ffa975a0fff monitored = 0 entry_point = 0x7ffa97593900 region_type = mapped_file name = "windows.staterepositorycore.dll" filename = "\\Windows\\System32\\Windows.StateRepositoryCore.dll" (normalized: "c:\\windows\\system32\\windows.staterepositorycore.dll") Region: id = 1626 start_va = 0x7ffa9ba20000 end_va = 0x7ffa9bb13fff monitored = 0 entry_point = 0x7ffa9ba61eb0 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 1627 start_va = 0x7ffa9bcc0000 end_va = 0x7ffa9bdb7fff monitored = 0 entry_point = 0x7ffa9bcd73e0 region_type = mapped_file name = "appxdeploymentclient.dll" filename = "\\Windows\\System32\\AppXDeploymentClient.dll" (normalized: "c:\\windows\\system32\\appxdeploymentclient.dll") Region: id = 1628 start_va = 0x4fd0000 end_va = 0x4fe6fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-245394380-2276627025-4024548581-1000-mergedresources-0.pri" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000-MergedResources-0.pri" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windowsstore_11910.1002.5.0_x64__8wekyb3d8bbwe\\s-1-5-21-245394380-2276627025-4024548581-1000-mergedresources-0.pri") Region: id = 1629 start_va = 0x4ff0000 end_va = 0x51c3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "resources.pri" filename = "\\Program Files\\WindowsApps\\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\\resources.pri" (normalized: "c:\\program files\\windowsapps\\microsoft.windowsstore_11910.1002.5.0_x64__8wekyb3d8bbwe\\resources.pri") Region: id = 1630 start_va = 0x4fd0000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004fd0000" filename = "" Region: id = 1631 start_va = 0x5050000 end_va = 0x50cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005050000" filename = "" Region: id = 1632 start_va = 0x50d0000 end_va = 0x50d0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft edge.lnk" filename = "\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Edge.lnk" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\microsoft edge.lnk") Region: id = 1633 start_va = 0x7ffaa28c0000 end_va = 0x7ffaa2961fff monitored = 0 entry_point = 0x7ffaa28eca60 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1634 start_va = 0x50e0000 end_va = 0x52dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050e0000" filename = "" Region: id = 1635 start_va = 0x7ffa992b0000 end_va = 0x7ffa9934dfff monitored = 0 entry_point = 0x7ffa992dff70 region_type = mapped_file name = "directmanipulation.dll" filename = "\\Windows\\System32\\directmanipulation.dll" (normalized: "c:\\windows\\system32\\directmanipulation.dll") Region: id = 1636 start_va = 0x52e0000 end_va = 0x530ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000052e0000" filename = "" Region: id = 1637 start_va = 0x7ffa8f5b0000 end_va = 0x7ffa8f5bcfff monitored = 0 entry_point = 0x7ffa8f5b1df0 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 1638 start_va = 0x5310000 end_va = 0x538ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005310000" filename = "" Region: id = 1639 start_va = 0x52e0000 end_va = 0x52e3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 1640 start_va = 0x5300000 end_va = 0x530ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005300000" filename = "" Region: id = 1641 start_va = 0x5390000 end_va = 0x53a3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000007.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000007.db") Region: id = 1642 start_va = 0x52f0000 end_va = 0x52f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000052f0000" filename = "" Region: id = 1643 start_va = 0x50d0000 end_va = 0x50d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000050d0000" filename = "" Region: id = 1644 start_va = 0x50d0000 end_va = 0x50d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000050d0000" filename = "" Region: id = 1645 start_va = 0x52e0000 end_va = 0x52e7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 1646 start_va = 0x53b0000 end_va = 0x54affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_32.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_32.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_32.db") Region: id = 1647 start_va = 0x54b0000 end_va = 0x54bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000054b0000" filename = "" Region: id = 1648 start_va = 0x54c0000 end_va = 0x5512fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-system.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat") Region: id = 1649 start_va = 0x5520000 end_va = 0x5520fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 1650 start_va = 0x5530000 end_va = 0x652ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-fontface.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat") Region: id = 1651 start_va = 0x7ffa99020000 end_va = 0x7ffa990cdfff monitored = 0 entry_point = 0x7ffa9906b570 region_type = mapped_file name = "textshaping.dll" filename = "\\Windows\\System32\\TextShaping.dll" (normalized: "c:\\windows\\system32\\textshaping.dll") Region: id = 1652 start_va = 0x6530000 end_va = 0x6d2ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-s-1-5-21-245394380-2276627025-4024548581-1000.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-S-1-5-21-245394380-2276627025-4024548581-1000.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-s-1-5-21-245394380-2276627025-4024548581-1000.dat") Region: id = 1653 start_va = 0x6d30000 end_va = 0x6e19fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 1654 start_va = 0x6e20000 end_va = 0x6e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006e20000" filename = "" Region: id = 1655 start_va = 0x6ea0000 end_va = 0x729ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006ea0000" filename = "" Region: id = 1656 start_va = 0x72a0000 end_va = 0x738dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "seguisb.ttf" filename = "\\Windows\\Fonts\\seguisb.ttf" (normalized: "c:\\windows\\fonts\\seguisb.ttf") Region: id = 1714 start_va = 0x7390000 end_va = 0x7439fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007390000" filename = "" Region: id = 1715 start_va = 0x7440000 end_va = 0x74a6fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007440000" filename = "" Region: id = 1716 start_va = 0x74b0000 end_va = 0x74b6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000074b0000" filename = "" Region: id = 1717 start_va = 0x74c0000 end_va = 0x74c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000074c0000" filename = "" Region: id = 1718 start_va = 0x74d0000 end_va = 0x7579fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000074d0000" filename = "" Region: id = 1719 start_va = 0x7580000 end_va = 0x7580fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007580000" filename = "" Region: id = 1720 start_va = 0x7590000 end_va = 0x7597fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007590000" filename = "" Region: id = 1721 start_va = 0x74b0000 end_va = 0x74b4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000074b0000" filename = "" Region: id = 1722 start_va = 0x7590000 end_va = 0x7639fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007590000" filename = "" Region: id = 1723 start_va = 0x7640000 end_va = 0x7647fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007640000" filename = "" Region: id = 1724 start_va = 0x74b0000 end_va = 0x74b4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000074b0000" filename = "" Region: id = 1725 start_va = 0x7640000 end_va = 0x7643fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007640000" filename = "" Region: id = 1726 start_va = 0x7ffa9bcc0000 end_va = 0x7ffa9bdb7fff monitored = 0 entry_point = 0x7ffa9bcd73e0 region_type = mapped_file name = "appxdeploymentclient.dll" filename = "\\Windows\\System32\\AppXDeploymentClient.dll" (normalized: "c:\\windows\\system32\\appxdeploymentclient.dll") Region: id = 1727 start_va = 0x7650000 end_va = 0x7666fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-245394380-2276627025-4024548581-1000-mergedresources-0.pri" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000-MergedResources-0.pri" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windowsstore_11910.1002.5.0_x64__8wekyb3d8bbwe\\s-1-5-21-245394380-2276627025-4024548581-1000-mergedresources-0.pri") Region: id = 1728 start_va = 0x7670000 end_va = 0x7671fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-245394380-2276627025-4024548581-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\\S-1-5-21-245394380-2276627025-4024548581-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windowsstore_11910.1002.5.0_x64__8wekyb3d8bbwe\\s-1-5-21-245394380-2276627025-4024548581-1000.pckgdep") Region: id = 1729 start_va = 0x7ffa99f00000 end_va = 0x7ffa9a0ecfff monitored = 0 entry_point = 0x7ffa99f7ea20 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 1730 start_va = 0x7ffa9a2a0000 end_va = 0x7ffa9a54dfff monitored = 0 entry_point = 0x7ffa9a2d69a0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 1731 start_va = 0x7670000 end_va = 0x7670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "resources.pri" filename = "\\Program Files\\WindowsApps\\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\\resources.pri" (normalized: "c:\\program files\\windowsapps\\microsoft.windowsstore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\\resources.pri") Region: id = 1732 start_va = 0x7650000 end_va = 0x7650fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "storeapplist.scale-100.png" filename = "\\Program Files\\WindowsApps\\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\\Assets\\AppTiles\\StoreAppList.scale-100.png" (normalized: "c:\\program files\\windowsapps\\microsoft.windowsstore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\\assets\\apptiles\\storeapplist.scale-100.png") Region: id = 1733 start_va = 0x5520000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 1734 start_va = 0x7650000 end_va = 0x7650fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007650000" filename = "" Region: id = 1735 start_va = 0x7660000 end_va = 0x76c6fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007660000" filename = "" Region: id = 1736 start_va = 0x7ff4fde80000 end_va = 0x7ff4fde8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff4fde80000" filename = "" Region: id = 1737 start_va = 0x74b0000 end_va = 0x74b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000074b0000" filename = "" Region: id = 1738 start_va = 0x74c0000 end_va = 0x7569fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000074c0000" filename = "" Region: id = 1739 start_va = 0x7570000 end_va = 0x7574fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007570000" filename = "" Region: id = 1741 start_va = 0x7ffa94430000 end_va = 0x7ffa944affff monitored = 0 entry_point = 0x7ffa944390a0 region_type = mapped_file name = "photometadatahandler.dll" filename = "\\Windows\\System32\\PhotoMetadataHandler.dll" (normalized: "c:\\windows\\system32\\photometadatahandler.dll") Region: id = 1742 start_va = 0x2290000 end_va = 0x2290fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "storeapplist.scale-100.png" filename = "\\Program Files\\WindowsApps\\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\\Assets\\AppTiles\\StoreAppList.scale-100.png" (normalized: "c:\\program files\\windowsapps\\microsoft.windowsstore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\\assets\\apptiles\\storeapplist.scale-100.png") Region: id = 1743 start_va = 0x5520000 end_va = 0x5520fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 1744 start_va = 0x76d0000 end_va = 0x76fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000076d0000" filename = "" Region: id = 1745 start_va = 0x76d0000 end_va = 0x76dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000076d0000" filename = "" Region: id = 1746 start_va = 0x76e0000 end_va = 0x76effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000076e0000" filename = "" Region: id = 1747 start_va = 0x76f0000 end_va = 0x76fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000076f0000" filename = "" Thread: id = 32 os_tid = 0xb28 Thread: id = 33 os_tid = 0xe2c Thread: id = 34 os_tid = 0x168c Thread: id = 35 os_tid = 0x1198 Thread: id = 36 os_tid = 0x15d0 [0254.915] TranslateMessage (lpMsg=0xcfd80) returned 0 [0254.915] DispatchMessageW (lpMsg=0xcfd80) returned 0x1 [0254.932] GetMessageW (in: lpMsg=0xcfd80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xcfd80) returned 1 [0254.997] TranslateMessage (lpMsg=0xcfd80) returned 0 [0254.997] DispatchMessageW (lpMsg=0xcfd80) returned 0x1 [0254.998] IUnknown_Set (in: ppunk=0x1f5780*=0x0, punk=0x47baf0 | out: ppunk=0x1f5780*=0x47baf0) [0254.998] GetMessageW (in: lpMsg=0xcfd80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xcfd80) returned 1 [0255.007] TranslateMessage (lpMsg=0xcfd80) returned 0 [0255.007] DispatchMessageW (lpMsg=0xcfd80) returned 0x1 [0255.007] GetMessageW (in: lpMsg=0xcfd80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xcfd80) returned 1 [0255.011] TranslateMessage (lpMsg=0xcfd80) returned 0 [0255.011] DispatchMessageW (lpMsg=0xcfd80) returned 0x1 [0255.012] Str_SetPtrW (in: ppsz=0x1f57c8*=0x0, psz="C:\\Users\\OqXZRaykm\\Desktop" | out: ppsz=0x1f57c8*="C:\\Users\\OqXZRaykm\\Desktop") returned 1 [0255.012] GetMessageW (in: lpMsg=0xcfd80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xcfd80) returned 1 [0255.017] TranslateMessage (lpMsg=0xcfd80) returned 0 [0255.017] DispatchMessageW (lpMsg=0xcfd80) returned 0x1 [0255.017] GetMessageW (in: lpMsg=0xcfd80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xcfd80) returned 1 [0255.023] TranslateMessage (lpMsg=0xcfd80) returned 0 [0255.023] DispatchMessageW (lpMsg=0xcfd80) returned 0x1 [0255.026] GetMessageW (in: lpMsg=0xcfd80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xcfd80) returned 1 [0255.045] TranslateMessage (lpMsg=0xcfd80) returned 0 [0255.045] DispatchMessageW (lpMsg=0xcfd80) returned 0x1 [0255.098] IUnknown_Set (in: ppunk=0x1f57e0*=0x0, punk=0x47ddc8 | out: ppunk=0x1f57e0*=0x47ddc8) [0255.098] GetMessageW (in: lpMsg=0xcfd80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xcfd80) returned 1 [0255.144] TranslateMessage (lpMsg=0xcfd80) returned 0 [0255.144] DispatchMessageW (lpMsg=0xcfd80) returned 0x1 [0255.145] GetMessageW (in: lpMsg=0xcfd80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xcfd80) returned 1 [0255.149] TranslateMessage (lpMsg=0xcfd80) returned 0 [0255.149] DispatchMessageW (lpMsg=0xcfd80) returned 0x1 [0255.153] GetMessageW (in: lpMsg=0xcfd80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xcfd80) returned 1 [0255.168] TranslateMessage (lpMsg=0xcfd80) returned 0 [0255.168] DispatchMessageW (lpMsg=0xcfd80) returned 0x1 [0255.169] CoTaskMemAlloc (cb=0xa) returned 0x47e370 [0255.189] GetMessageW (in: lpMsg=0xcfd80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xcfd80) returned 1 [0255.192] TranslateMessage (lpMsg=0xcfd80) returned 0 [0255.192] DispatchMessageW (lpMsg=0xcfd80) returned 0x1 [0255.193] GetMessageW (in: lpMsg=0xcfd80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xcfd80) returned 1 [0255.196] TranslateMessage (lpMsg=0xcfd80) returned 0 [0255.196] DispatchMessageW (lpMsg=0xcfd80) returned 0x1 [0255.200] GetMessageW (in: lpMsg=0xcfd80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xcfd80) returned 1 [0255.210] TranslateMessage (lpMsg=0xcfd80) returned 0 [0255.211] DispatchMessageW (lpMsg=0xcfd80) returned 0x1 [0255.211] GetMessageW (in: lpMsg=0xcfd80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xcfd80) returned 1 [0255.217] TranslateMessage (lpMsg=0xcfd80) returned 0 [0255.217] DispatchMessageW (lpMsg=0xcfd80) returned 0x1 [0255.217] KillTimer (hWnd=0x0, uIDEvent=0x7f54) returned 1 [0255.217] CompareStringOrdinal (lpString1="InvokeDefaultVerbInOtherProcess", cchCount1=-1, lpString2="open", cchCount2=-1, bIgnoreCase=1) returned 1 [0255.217] CoCreateInstance (in: rclsid=0x7ff613200080*(Data1=0x94b23d4d, Data2=0x1040, Data3=0x4c4b, Data4=([0]=0x90, [1]=0x81, [2]=0x85, [3]=0xd8, [4]=0xd6, [5]=0xfa, [6]=0x36, [7]=0xc4)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ff613200370*(Data1=0xce149b23, Data2=0x5941, Data3=0x4079, Data4=([0]=0x92, [1]=0x23, [2]=0x52, [3]=0xc0, [4]=0xa9, [5]=0x91, [6]=0xec, [7]=0x48)), ppv=0x1f5800 | out: ppv=0x1f5800*=0x1fa5b8) returned 0x0 [0255.313] IUnknown_QueryService (in: punk=0x47baf0, guidService=0x7ff6131ffd28*(Data1=0x9d923edc, Data2=0xb7a9, Data3=0x4f77, Data4=([0]=0x99, [1]=0x33, [2]=0x28, [3]=0x4e, [4]=0x7e, [5]=0x2b, [6]=0x25, [7]=0x36)), riid=0x7ff613200300*(Data1=0x9d923edc, Data2=0xb7a9, Data3=0x4f77, Data4=([0]=0x99, [1]=0x33, [2]=0x28, [3]=0x4e, [4]=0x7e, [5]=0x2b, [6]=0x25, [7]=0x36)), ppvOut=0xce6e8 | out: ppvOut=0xce6e8*=0x477898) returned 0x0 [0255.893] GetCurrentProcessId () returned 0x10fc [0255.893] _vsnwprintf (in: _Buffer=0xce410, _BufferCount=0x103, _Format="Local\\SM0:%d:%d:%hs", _ArgList=0xce3d8 | out: _Buffer="Local\\SM0:4348:120:WilError_03") returned 30 [0255.893] CreateMutexExW (lpMutexAttributes=0x0, lpName="Local\\SM0:4348:120:WilError_03", dwFlags=0x0, dwDesiredAccess=0x1f0001) returned 0x2a4 [0255.894] WaitForSingleObjectEx (hHandle=0x2a4, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0 [0255.894] OpenSemaphoreW (dwDesiredAccess=0x1f0003, bInheritHandle=0, lpName="Local\\SM0:4348:120:WilError_03_p0") returned 0x0 [0255.894] GetLastError () returned 0x2 [0255.894] GetProcessHeap () returned 0x440000 [0255.894] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x78) returned 0x47c3a0 [0255.894] GetProcessHeap () returned 0x440000 [0255.894] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaa5370000 [0255.895] GetProcAddress (hModule=0x7ffaa5370000, lpProcName="RtlDisownModuleHeapAllocation") returned 0x7ffaa53ee540 [0255.895] RtlDisownModuleHeapAllocation () returned 0x0 [0255.895] CreateSemaphoreExW (lpSemaphoreAttributes=0x0, lInitialCount=1175784, lMaximumCount=1175784, lpName="Local\\SM0:4348:120:WilError_03_p0", dwFlags=0x0, dwDesiredAccess=0x1f0003) returned 0x2a8 [0255.896] CreateSemaphoreExW (lpSemaphoreAttributes=0x0, lInitialCount=0, lMaximumCount=1, lpName="Local\\SM0:4348:120:WilError_03_p0h", dwFlags=0x0, dwDesiredAccess=0x1f0003) returned 0x2ac [0255.898] ReleaseMutex (hMutex=0x2a4) returned 1 [0255.899] GetCurrentThreadId () returned 0x15d0 [0255.899] GetProcessHeap () returned 0x440000 [0255.899] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x0, Size=0x38) returned 0x475dc0 [0255.899] GetProcessHeap () returned 0x440000 [0255.899] RtlDisownModuleHeapAllocation () returned 0x0 [0255.899] IUnknown_SetSite (punk=0x1fa5b8, punkSite=0x1f5760) returned 0x0 [0255.900] IUnknown:QueryInterface (This=0x1f5760, riid=0x7ffaa3611d78*(Data1=0x114, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xce5a0) [0255.900] IUnknown:QueryInterface (This=0x1f5760, riid=0x7ffaa3611da8*(Data1=0x79eac9ed, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0xce5a8) [0255.901] IUnknown:QueryInterface (This=0x1f5760, riid=0x7ffaa3611d98*(Data1=0x214e3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xce5b0) [0255.901] IUnknown:QueryInterface (This=0x1f5760, riid=0x7ffaa3611d88*(Data1=0x45d64a29, Data2=0xa63e, Data3=0x4cb6, Data4=([0]=0xb4, [1]=0x98, [2]=0x57, [3]=0x81, [4]=0xd2, [5]=0x98, [6]=0xcb, [7]=0x4f)), ppvObject=0xce5b8) [0255.901] IUnknown:QueryInterface (This=0x1f5760, riid=0x7ffaa34b8510*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0xce5f0) [0257.031] IUnknown:QueryInterface (This=0x1f5760, riid=0x7ffaa34b84e0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0xce620) [0257.031] IUnknown:AddRef (This=0x1f5760) returned 0xe [0257.034] IUnknown:Release (This=0x1f5760) returned 0xd [0257.034] IUnknown:QueryInterface (This=0x1f5760, riid=0x7ffaa34b84e0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0xce620) [0257.034] IUnknown:AddRef (This=0x1f5760) returned 0xe [0257.037] IUnknown:Release (This=0x1f5760) returned 0xd [0257.037] IUnknown:QueryInterface (This=0x1f5760, riid=0x7ffaa34b84e0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0xce620) [0257.037] IUnknown:AddRef (This=0x1f5760) returned 0xe [0257.040] IUnknown:Release (This=0x1f5760) returned 0xd [0257.040] IUnknown:QueryInterface (This=0x1f5760, riid=0x7ffaa34b84e0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0xce620) [0257.040] IUnknown:AddRef (This=0x1f5760) returned 0xe [0257.043] IUnknown:Release (This=0x1f5760) returned 0xd [0257.043] IUnknown:QueryInterface (This=0x1f5760, riid=0x7ffaa34b84e0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0xce620) [0257.043] IUnknown:AddRef (This=0x1f5760) returned 0xe [0257.045] IUnknown:Release (This=0x1f5760) returned 0xd [0257.045] IUnknown:QueryInterface (This=0x1f5760, riid=0x7ffaa34b84e0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0xce620) [0257.045] IUnknown:AddRef (This=0x1f5760) returned 0xe [0257.047] IUnknown:Release (This=0x1f5760) returned 0xd [0257.048] IUnknown:QueryInterface (This=0x1f5760, riid=0x7ffaa34b84e0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0xce620) [0257.048] IUnknown:AddRef (This=0x1f5760) returned 0xe [0257.050] IUnknown:Release (This=0x1f5760) returned 0xd [0257.050] IUnknown:QueryInterface (This=0x1f5760, riid=0x7ffaa34b84e0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0xce620) [0257.050] IUnknown:AddRef (This=0x1f5760) returned 0xe [0257.053] IUnknown:Release (This=0x1f5760) returned 0xd [0257.053] IUnknown:AddRef (This=0x1f5760) returned 0xe [0257.054] GetCurrentThreadId () returned 0x15d0 [0257.054] PostThreadMessageW (idThread=0x15d0, Msg=0x8001, wParam=0x0, lParam=0x0) returned 1 [0257.055] GetMessageW (in: lpMsg=0xcfd80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xcfd80) returned 1 [0257.055] CompareStringOrdinal (lpString1="openas", cchCount1=-1, lpString2="open", cchCount2=-1, bIgnoreCase=1) returned 3 [0257.055] CompareStringOrdinal (lpString1="OpenWithSetDefaultOn", cchCount1=-1, lpString2="open", cchCount2=-1, bIgnoreCase=1) returned 3 [0257.055] IUnknown_QueryService (in: punk=0x47baf0, guidService=0x7ff6132005c0*(Data1=0x94724f59, Data2=0xeb2c, Data3=0x4efb, Data4=([0]=0xad, [1]=0x2b, [2]=0x85, [3]=0x38, [4]=0xf6, [5]=0x49, [6]=0x6f, [7]=0x7d)), riid=0x7ff6132002f0*(Data1=0x94724f59, Data2=0xeb2c, Data3=0x4efb, Data4=([0]=0xad, [1]=0x2b, [2]=0x85, [3]=0x38, [4]=0xf6, [5]=0x49, [6]=0x6f, [7]=0x7d)), ppvOut=0xcfd68 | out: ppvOut=0xcfd68*=0x0) returned 0x80004001 [0257.057] IUnknown_Set (in: ppunk=0x1f5780*=0x47baf0, punk=0x0 | out: ppunk=0x1f5780*=0x0) [0257.163] QISearch (in: that=0x1f5750, pqit=0x7ff6131ff410, riid=0x7ff6132003c0*(Data1=0x1c9cd5bb, Data2=0x98e9, Data3=0x4491, Data4=([0]=0xa6, [1]=0xf, [2]=0x31, [3]=0xaa, [4]=0xcc, [5]=0x72, [6]=0xb8, [7]=0x3c)), ppv=0xcfd50 | out: that=0x1f5750, ppv=0xcfd50*=0x1f5798) returned 0x0 [0257.163] IUnknown:QueryInterface (in: This=0x47ddc8, riid=0x7ff613200488*(Data1=0xb63ea76d, Data2=0x1f85, Data3=0x456f, Data4=([0]=0xa1, [1]=0x9c, [2]=0x48, [3]=0x15, [4]=0x9e, [5]=0xfa, [6]=0x85, [7]=0x8b)), ppvObject=0xcfd60 | out: ppvObject=0xcfd60*=0x47ddc8) returned 0x0 [0257.163] IShellItemArray:GetItemAt (in: This=0x47ddc8, dwIndex=0x0, ppsi=0xcfd50 | out: ppsi=0xcfd50*=0x47d188) returned 0x0 [0257.187] IUnknown:QueryInterface (in: This=0x47d188, riid=0x7ff613200498*(Data1=0x7e9fb0d3, Data2=0x919f, Data3=0x4307, Data4=([0]=0xab, [1]=0x2e, [2]=0x9b, [3]=0x18, [4]=0x60, [5]=0x31, [6]=0xc, [7]=0x93)), ppvObject=0xcfd58 | out: ppvObject=0xcfd58*=0x47d188) returned 0x0 [0257.187] IUnknown:Release (This=0x47d188) returned 0x1 [0257.187] IShellItem:BindToHandler (in: This=0x47d188, pbc=0x0, bhid=0x7ff6131ffd48, riid=0x7ff613200478, ppv=0xcfd50 | out: ppv=0xcfd50) returned 0x0 [0259.956] IUnknown:Release (This=0x47d188) returned 0x0 [0259.956] IUnknown:Release (This=0x47ddc8) returned 0x1 [0259.962] IUnknown:AddRef (This=0x1f5798) returned 0x4 [0259.962] IObjectWithSelection:GetSelection (This=0x1f5798, riid=0x7ffa8f4413a0, ppv=0x1fa6f0) [0259.962] IUnknown:Release (This=0x1f5798) returned 0x3 Thread: id = 99 os_tid = 0x1710 Thread: id = 100 os_tid = 0x844 Thread: id = 101 os_tid = 0x15a0 Thread: id = 102 os_tid = 0x4d0 Thread: id = 104 os_tid = 0x15bc Thread: id = 105 os_tid = 0x1794 Thread: id = 106 os_tid = 0x1594 Thread: id = 115 os_tid = 0x368 Process: id = "5" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0x3206b000" os_pid = "0xa00" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "rpc_server" parent_id = "4" os_parent_pid = "0xffffffffffffffff" cmd_line = "C:\\Windows\\Explorer.EXE" cur_dir = "C:\\Windows\\system32\\" os_username = "PXTHFFRYO7\\OqXZRaykm" bitness = "32" os_groups = "PXTHFFRYO7\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0001cfa9" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 987 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 988 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 989 start_va = 0x30000 end_va = 0x4cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 990 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 991 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 992 start_va = 0xe0000 end_va = 0xe1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 993 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 994 start_va = 0x100000 end_va = 0x1c8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 995 start_va = 0x1d0000 end_va = 0x1d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 996 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 997 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 998 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 999 start_va = 0x400000 end_va = 0x400fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 1000 start_va = 0x410000 end_va = 0x417fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1001 start_va = 0x420000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 1002 start_va = 0x520000 end_va = 0x521fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 1003 start_va = 0x530000 end_va = 0x544fff monitored = 0 entry_point = 0x532110 region_type = mapped_file name = "wscui.cpl" filename = "\\Windows\\System32\\wscui.cpl" (normalized: "c:\\windows\\system32\\wscui.cpl") Region: id = 1004 start_va = 0x550000 end_va = 0x561fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wscui.cpl.mui" filename = "\\Windows\\System32\\en-US\\wscui.cpl.mui" (normalized: "c:\\windows\\system32\\en-us\\wscui.cpl.mui") Region: id = 1005 start_va = 0x570000 end_va = 0x571fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1006 start_va = 0x580000 end_va = 0x581fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 1007 start_va = 0x590000 end_va = 0x591fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "hcproviders.dll.mui" filename = "\\Windows\\System32\\en-US\\hcproviders.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\hcproviders.dll.mui") Region: id = 1008 start_va = 0x5a0000 end_va = 0x5a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "explorer.exe.mui" filename = "\\Windows\\en-US\\explorer.exe.mui" (normalized: "c:\\windows\\en-us\\explorer.exe.mui") Region: id = 1009 start_va = 0x5b0000 end_va = 0x5b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 1010 start_va = 0x5c0000 end_va = 0x5c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1011 start_va = 0x5d0000 end_va = 0x5d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 1012 start_va = 0x5e0000 end_va = 0x5e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 1013 start_va = 0x5f0000 end_va = 0x5f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 1014 start_va = 0x600000 end_va = 0x600fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1015 start_va = 0x610000 end_va = 0x61bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dsreg.dll.mui" filename = "\\Windows\\System32\\en-US\\dsreg.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dsreg.dll.mui") Region: id = 1016 start_va = 0x620000 end_va = 0x633fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000007.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000007.db") Region: id = 1017 start_va = 0x640000 end_va = 0x640fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000640000" filename = "" Region: id = 1018 start_va = 0x650000 end_va = 0x6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 1019 start_va = 0x6d0000 end_va = 0x6d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 1020 start_va = 0x6e0000 end_va = 0x6e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1021 start_va = 0x6f0000 end_va = 0x6f7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 1022 start_va = 0x700000 end_va = 0x703fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.3.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.3.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\cversions.3.db") Region: id = 1023 start_va = 0x710000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 1024 start_va = 0x720000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000720000" filename = "" Region: id = 1025 start_va = 0x920000 end_va = 0xaa0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000920000" filename = "" Region: id = 1026 start_va = 0xab0000 end_va = 0x1eb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ab0000" filename = "" Region: id = 1027 start_va = 0x1ec0000 end_va = 0x1f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ec0000" filename = "" Region: id = 1028 start_va = 0x1f40000 end_va = 0x1f4efff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x000000000000001e.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000001e.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x000000000000001e.db") Region: id = 1029 start_va = 0x1f50000 end_va = 0x1f51fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f50000" filename = "" Region: id = 1030 start_va = 0x1f70000 end_va = 0x1f71fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f70000" filename = "" Region: id = 1031 start_va = 0x1f80000 end_va = 0x1f9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 1032 start_va = 0x1fa0000 end_va = 0x1fbdfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1033 start_va = 0x1fc0000 end_va = 0x1fc1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fc0000" filename = "" Region: id = 1034 start_va = 0x1fd0000 end_va = 0x1fd3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fd0000" filename = "" Region: id = 1035 start_va = 0x2000000 end_va = 0x2007fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 1036 start_va = 0x2030000 end_va = 0x2035fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowszones.res" filename = "\\Windows\\Globalization\\ICU\\windowsZones.res" (normalized: "c:\\windows\\globalization\\icu\\windowszones.res") Region: id = 1037 start_va = 0x2050000 end_va = 0x2051fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002050000" filename = "" Region: id = 1038 start_va = 0x2060000 end_va = 0x2061fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002060000" filename = "" Region: id = 1039 start_va = 0x2070000 end_va = 0x2070fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 1040 start_va = 0x2080000 end_va = 0x2081fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002080000" filename = "" Region: id = 1041 start_va = 0x2090000 end_va = 0x2091fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll") Region: id = 1042 start_va = 0x20a0000 end_va = 0x20a4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll.mui" filename = "\\Windows\\System32\\en-US\\oleaccrc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\oleaccrc.dll.mui") Region: id = 1043 start_va = 0x20b0000 end_va = 0x20bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020b0000" filename = "" Region: id = 1044 start_va = 0x20c0000 end_va = 0x23f7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1045 start_va = 0x2400000 end_va = 0x2401fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stobject.dll.mui" filename = "\\Windows\\System32\\en-US\\stobject.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\stobject.dll.mui") Region: id = 1046 start_va = 0x2410000 end_va = 0x2410fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002410000" filename = "" Region: id = 1047 start_va = 0x2420000 end_va = 0x2422fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "inputswitch.dll.mui" filename = "\\Windows\\System32\\en-US\\InputSwitch.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\inputswitch.dll.mui") Region: id = 1048 start_va = 0x2430000 end_va = 0x2434fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 1049 start_va = 0x2440000 end_va = 0x2441fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002440000" filename = "" Region: id = 1050 start_va = 0x2450000 end_va = 0x2470fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stobject.dll.mun" filename = "\\Windows\\SystemResources\\stobject.dll.mun" (normalized: "c:\\windows\\systemresources\\stobject.dll.mun") Region: id = 1051 start_va = 0x2480000 end_va = 0x2485fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "explorerframe.dll.mui" filename = "\\Windows\\System32\\en-US\\explorerframe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\explorerframe.dll.mui") Region: id = 1052 start_va = 0x2490000 end_va = 0x249afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "actioncenter.dll.mui" filename = "\\Windows\\System32\\en-US\\ActionCenter.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\actioncenter.dll.mui") Region: id = 1053 start_va = 0x24a0000 end_va = 0x24a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024a0000" filename = "" Region: id = 1054 start_va = 0x24b0000 end_va = 0x24b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024b0000" filename = "" Region: id = 1055 start_va = 0x24c0000 end_va = 0x24cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024c0000" filename = "" Region: id = 1056 start_va = 0x24d0000 end_va = 0x24f5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "zoneinfo64.res" filename = "\\Windows\\Globalization\\ICU\\zoneinfo64.res" (normalized: "c:\\windows\\globalization\\icu\\zoneinfo64.res") Region: id = 1057 start_va = 0x2500000 end_va = 0x2560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shell32.dll.mui" filename = "\\Windows\\System32\\en-US\\shell32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\shell32.dll.mui") Region: id = 1058 start_va = 0x2570000 end_va = 0x25effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002570000" filename = "" Region: id = 1059 start_va = 0x25f0000 end_va = 0x266ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025f0000" filename = "" Region: id = 1060 start_va = 0x2670000 end_va = 0x2751fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 1061 start_va = 0x2760000 end_va = 0x2763fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002760000" filename = "" Region: id = 1062 start_va = 0x2770000 end_va = 0x2776fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002770000" filename = "" Region: id = 1063 start_va = 0x2780000 end_va = 0x2780fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002780000" filename = "" Region: id = 1064 start_va = 0x2790000 end_va = 0x27d6fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002790000" filename = "" Region: id = 1065 start_va = 0x27e0000 end_va = 0x27e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000027e0000" filename = "" Region: id = 1066 start_va = 0x27f0000 end_va = 0x27f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027f0000" filename = "" Region: id = 1067 start_va = 0x2800000 end_va = 0x3a5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 1068 start_va = 0x3a60000 end_va = 0x3a60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a60000" filename = "" Region: id = 1069 start_va = 0x3a70000 end_va = 0x3b6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a70000" filename = "" Region: id = 1070 start_va = 0x3b70000 end_va = 0x3b70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b70000" filename = "" Region: id = 1071 start_va = 0x3b80000 end_va = 0x3b8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003b80000" filename = "" Region: id = 1072 start_va = 0x3b90000 end_va = 0x3b9ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003b90000" filename = "" Region: id = 1073 start_va = 0x3ba0000 end_va = 0x3baffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ba0000" filename = "" Region: id = 1074 start_va = 0x3bb0000 end_va = 0x3bb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003bb0000" filename = "" Region: id = 1075 start_va = 0x3bc0000 end_va = 0x3bc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003bc0000" filename = "" Region: id = 1076 start_va = 0x3bd0000 end_va = 0x3bd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003bd0000" filename = "" Region: id = 1077 start_va = 0x3be0000 end_va = 0x3be1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003be0000" filename = "" Region: id = 1078 start_va = 0x3bf0000 end_va = 0x3ceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003bf0000" filename = "" Region: id = 1079 start_va = 0x3cf0000 end_va = 0x3cf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003cf0000" filename = "" Region: id = 1080 start_va = 0x3d00000 end_va = 0x3d00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d00000" filename = "" Region: id = 1081 start_va = 0x3d10000 end_va = 0x3d11fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d10000" filename = "" Region: id = 1082 start_va = 0x3d20000 end_va = 0x3d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d20000" filename = "" Region: id = 1083 start_va = 0x3da0000 end_va = 0x3daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003da0000" filename = "" Region: id = 1084 start_va = 0x3db0000 end_va = 0x3db0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003db0000" filename = "" Region: id = 1085 start_va = 0x3dc0000 end_va = 0x3dc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003dc0000" filename = "" Region: id = 1086 start_va = 0x3dd0000 end_va = 0x3dd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003dd0000" filename = "" Region: id = 1087 start_va = 0x3de0000 end_va = 0x3de0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003de0000" filename = "" Region: id = 1088 start_va = 0x3df0000 end_va = 0x3e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003df0000" filename = "" Region: id = 1089 start_va = 0x3e70000 end_va = 0x3eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e70000" filename = "" Region: id = 1090 start_va = 0x3ef0000 end_va = 0x3ef1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ef0000" filename = "" Region: id = 1091 start_va = 0x3f00000 end_va = 0x3ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 1092 start_va = 0x4000000 end_va = 0x4000fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004000000" filename = "" Region: id = 1093 start_va = 0x4010000 end_va = 0x4019fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "combase.dll.mui" filename = "\\Windows\\System32\\en-US\\combase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\combase.dll.mui") Region: id = 1094 start_va = 0x4030000 end_va = 0x4030fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004030000" filename = "" Region: id = 1095 start_va = 0x4040000 end_va = 0x404ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004040000" filename = "" Region: id = 1096 start_va = 0x4060000 end_va = 0x4060fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004060000" filename = "" Region: id = 1097 start_va = 0x4070000 end_va = 0x4070fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004070000" filename = "" Region: id = 1098 start_va = 0x40b0000 end_va = 0x40b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000040b0000" filename = "" Region: id = 1099 start_va = 0x40c0000 end_va = 0x413ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000040c0000" filename = "" Region: id = 1100 start_va = 0x4140000 end_va = 0x41bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004140000" filename = "" Region: id = 1101 start_va = 0x41c0000 end_va = 0x41f8fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000041c0000" filename = "" Region: id = 1102 start_va = 0x4200000 end_va = 0x4201fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004200000" filename = "" Region: id = 1103 start_va = 0x4210000 end_va = 0x421ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 1104 start_va = 0x4220000 end_va = 0x429ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004220000" filename = "" Region: id = 1105 start_va = 0x42a0000 end_va = 0x42a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000042a0000" filename = "" Region: id = 1106 start_va = 0x42b0000 end_va = 0x42b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "twinui.pcshell.dll.mui" filename = "\\Windows\\System32\\en-US\\twinui.pcshell.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\twinui.pcshell.dll.mui") Region: id = 1107 start_va = 0x42c0000 end_va = 0x42c3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "2222399582.pri" filename = "\\Windows\\rescache\\_merged\\1840795356\\2222399582.pri" (normalized: "c:\\windows\\rescache\\_merged\\1840795356\\2222399582.pri") Region: id = 1108 start_va = 0x42d0000 end_va = 0x42d8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000042d0000" filename = "" Region: id = 1109 start_va = 0x42e0000 end_va = 0x42e8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000042e0000" filename = "" Region: id = 1110 start_va = 0x42f0000 end_va = 0x42f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000042f0000" filename = "" Region: id = 1111 start_va = 0x4300000 end_va = 0x4301fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004300000" filename = "" Region: id = 1112 start_va = 0x4310000 end_va = 0x4315fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004310000" filename = "" Region: id = 1113 start_va = 0x4320000 end_va = 0x4323fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1114 start_va = 0x4330000 end_va = 0x4378fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000001.db") Region: id = 1115 start_va = 0x4380000 end_va = 0x4383fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1116 start_va = 0x4390000 end_va = 0x442bfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 1117 start_va = 0x4430000 end_va = 0x443ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 1118 start_va = 0x4440000 end_va = 0x44bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004440000" filename = "" Region: id = 1119 start_va = 0x44c0000 end_va = 0x453ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000044c0000" filename = "" Region: id = 1120 start_va = 0x4550000 end_va = 0x45cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004550000" filename = "" Region: id = 1121 start_va = 0x4600000 end_va = 0x4603fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 1122 start_va = 0x4620000 end_va = 0x4620fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004620000" filename = "" Region: id = 1123 start_va = 0x4650000 end_va = 0x46cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 1124 start_va = 0x46d0000 end_va = 0x4717fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046d0000" filename = "" Region: id = 1125 start_va = 0x4720000 end_va = 0x4734fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 1126 start_va = 0x4740000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004740000" filename = "" Region: id = 1127 start_va = 0x47e0000 end_va = 0x47e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047e0000" filename = "" Region: id = 1128 start_va = 0x47f0000 end_va = 0x47f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000047f0000" filename = "" Region: id = 1129 start_va = 0x4800000 end_va = 0x487ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 1130 start_va = 0x4890000 end_va = 0x4890fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004890000" filename = "" Region: id = 1131 start_va = 0x48d0000 end_va = 0x4917fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048d0000" filename = "" Region: id = 1132 start_va = 0x4920000 end_va = 0x4927fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windows.storage.dll.mui" filename = "\\Windows\\System32\\en-US\\windows.storage.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\windows.storage.dll.mui") Region: id = 1133 start_va = 0x4930000 end_va = 0x49affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004930000" filename = "" Region: id = 1134 start_va = 0x49b0000 end_va = 0x4ea1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000049b0000" filename = "" Region: id = 1135 start_va = 0x4eb0000 end_va = 0x4f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004eb0000" filename = "" Region: id = 1136 start_va = 0x4f30000 end_va = 0x4fbffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sndvolsso.dll.mun" filename = "\\Windows\\SystemResources\\SndVolSSO.dll.mun" (normalized: "c:\\windows\\systemresources\\sndvolsso.dll.mun") Region: id = 1137 start_va = 0x4fc0000 end_va = 0x4fc1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sndvolsso.dll.mui" filename = "\\Windows\\System32\\en-US\\sndvolsso.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\sndvolsso.dll.mui") Region: id = 1138 start_va = 0x4fd0000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004fd0000" filename = "" Region: id = 1139 start_va = 0x5050000 end_va = 0x50cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005050000" filename = "" Region: id = 1140 start_va = 0x50d0000 end_va = 0x50d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000050d0000" filename = "" Region: id = 1141 start_va = 0x50f0000 end_va = 0x50f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnidui.dll.mui" filename = "\\Windows\\System32\\en-US\\pnidui.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnidui.dll.mui") Region: id = 1142 start_va = 0x5100000 end_va = 0x5101fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005100000" filename = "" Region: id = 1143 start_va = 0x5110000 end_va = 0x5113fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bthprops.cpl.mui" filename = "\\Windows\\System32\\en-US\\bthprops.cpl.mui" (normalized: "c:\\windows\\system32\\en-us\\bthprops.cpl.mui") Region: id = 1144 start_va = 0x5140000 end_va = 0x5141fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005140000" filename = "" Region: id = 1145 start_va = 0x5150000 end_va = 0x5150fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005150000" filename = "" Region: id = 1146 start_va = 0x5160000 end_va = 0x5160fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005160000" filename = "" Region: id = 1147 start_va = 0x5170000 end_va = 0x5170fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005170000" filename = "" Region: id = 1148 start_va = 0x5180000 end_va = 0x5180fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005180000" filename = "" Region: id = 1149 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005190000" filename = "" Region: id = 1150 start_va = 0x51a0000 end_va = 0x51a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000051a0000" filename = "" Region: id = 1151 start_va = 0x51b0000 end_va = 0x522ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051b0000" filename = "" Region: id = 1152 start_va = 0x5230000 end_va = 0x52affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 1153 start_va = 0x52b0000 end_va = 0x532ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000052b0000" filename = "" Region: id = 1154 start_va = 0x5330000 end_va = 0x53affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005330000" filename = "" Region: id = 1155 start_va = 0x53b0000 end_va = 0x54affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053b0000" filename = "" Region: id = 1156 start_va = 0x54b0000 end_va = 0x56affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054b0000" filename = "" Region: id = 1157 start_va = 0x56b0000 end_va = 0x572ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000056b0000" filename = "" Region: id = 1158 start_va = 0x5730000 end_va = 0x57affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005730000" filename = "" Region: id = 1159 start_va = 0x57b0000 end_va = 0x57b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000057b0000" filename = "" Region: id = 1160 start_va = 0x57c0000 end_va = 0x583ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000057c0000" filename = "" Region: id = 1161 start_va = 0x58c0000 end_va = 0x593ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000058c0000" filename = "" Region: id = 1162 start_va = 0x5940000 end_va = 0x5a80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005940000" filename = "" Region: id = 1163 start_va = 0x5ae0000 end_va = 0x5ae1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005ae0000" filename = "" Region: id = 1164 start_va = 0x5af0000 end_va = 0x5af0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005af0000" filename = "" Region: id = 1165 start_va = 0x5b00000 end_va = 0x5b47fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b00000" filename = "" Region: id = 1166 start_va = 0x5b50000 end_va = 0x634ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 1167 start_va = 0x6350000 end_va = 0x63cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006350000" filename = "" Region: id = 1168 start_va = 0x63d0000 end_va = 0x644ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000063d0000" filename = "" Region: id = 1169 start_va = 0x6450000 end_va = 0x6470fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shellcomponents.pri" filename = "\\Windows\\SystemResources\\ShellComponents\\ShellComponents.pri" (normalized: "c:\\windows\\systemresources\\shellcomponents\\shellcomponents.pri") Region: id = 1170 start_va = 0x6480000 end_va = 0x64fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006480000" filename = "" Region: id = 1171 start_va = 0x6580000 end_va = 0x66befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1172 start_va = 0x66c0000 end_va = 0x66c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000066c0000" filename = "" Region: id = 1173 start_va = 0x66d0000 end_va = 0x66d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000066d0000" filename = "" Region: id = 1174 start_va = 0x66e0000 end_va = 0x66e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000066e0000" filename = "" Region: id = 1175 start_va = 0x66f0000 end_va = 0x66f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000066f0000" filename = "" Region: id = 1176 start_va = 0x6700000 end_va = 0x6707fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 1177 start_va = 0x6710000 end_va = 0x6710fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006710000" filename = "" Region: id = 1178 start_va = 0x6720000 end_va = 0x6720fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006720000" filename = "" Region: id = 1179 start_va = 0x6730000 end_va = 0x692ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006730000" filename = "" Region: id = 1180 start_va = 0x6930000 end_va = 0x6eaafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "prm0009.dll" filename = "\\Windows\\System32\\prm0009.dll" (normalized: "c:\\windows\\system32\\prm0009.dll") Region: id = 1181 start_va = 0x6eb0000 end_va = 0x6f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006eb0000" filename = "" Region: id = 1182 start_va = 0x6f30000 end_va = 0x6faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006f30000" filename = "" Region: id = 1183 start_va = 0x6fb0000 end_va = 0x702ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006fb0000" filename = "" Region: id = 1184 start_va = 0x7030000 end_va = 0x70affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007030000" filename = "" Region: id = 1185 start_va = 0x70b0000 end_va = 0x712ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000070b0000" filename = "" Region: id = 1186 start_va = 0x7130000 end_va = 0x912ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007130000" filename = "" Region: id = 1187 start_va = 0x9130000 end_va = 0x91affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009130000" filename = "" Region: id = 1188 start_va = 0x91b0000 end_va = 0x95affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000091b0000" filename = "" Region: id = 1189 start_va = 0x95b0000 end_va = 0x95b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000095b0000" filename = "" Region: id = 1190 start_va = 0x95c0000 end_va = 0x95c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000095c0000" filename = "" Region: id = 1191 start_va = 0x95d0000 end_va = 0x96cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000095d0000" filename = "" Region: id = 1192 start_va = 0x9710000 end_va = 0x9710fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 1193 start_va = 0x9820000 end_va = 0x989ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009820000" filename = "" Region: id = 1194 start_va = 0x9930000 end_va = 0x9937fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 1195 start_va = 0x99a0000 end_va = 0x99a3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1196 start_va = 0x99b0000 end_va = 0x99b6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000099b0000" filename = "" Region: id = 1197 start_va = 0x99e0000 end_va = 0x99effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000099e0000" filename = "" Region: id = 1198 start_va = 0x9a10000 end_va = 0x9a23fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "3968321142.pri" filename = "\\Windows\\rescache\\_merged\\2457103279\\3968321142.pri" (normalized: "c:\\windows\\rescache\\_merged\\2457103279\\3968321142.pri") Region: id = 1199 start_va = 0x9a30000 end_va = 0x9aaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009a30000" filename = "" Region: id = 1200 start_va = 0x9b30000 end_va = 0x9baffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009b30000" filename = "" Region: id = 1201 start_va = 0x9bb0000 end_va = 0x9c2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009bb0000" filename = "" Region: id = 1202 start_va = 0x9c60000 end_va = 0x9c60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c60000" filename = "" Region: id = 1203 start_va = 0x9c70000 end_va = 0x9ceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c70000" filename = "" Region: id = 1204 start_va = 0x9cf0000 end_va = 0x9d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009cf0000" filename = "" Region: id = 1205 start_va = 0x9db0000 end_va = 0x9eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009db0000" filename = "" Region: id = 1206 start_va = 0x9eb0000 end_va = 0x9f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009eb0000" filename = "" Region: id = 1207 start_va = 0x9fb0000 end_va = 0xa02ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009fb0000" filename = "" Region: id = 1208 start_va = 0xa030000 end_va = 0xa12ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 1209 start_va = 0xa1b0000 end_va = 0xa341fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windows.ui.shellcommon.pri" filename = "\\Windows\\SystemResources\\Windows.UI.ShellCommon\\Windows.UI.ShellCommon.pri" (normalized: "c:\\windows\\systemresources\\windows.ui.shellcommon\\windows.ui.shellcommon.pri") Region: id = 1210 start_va = 0xa3d0000 end_va = 0xa3d7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 1211 start_va = 0xa400000 end_va = 0xa403fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 1212 start_va = 0xa450000 end_va = 0xa4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a450000" filename = "" Region: id = 1213 start_va = 0xa4d0000 end_va = 0xa54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a4d0000" filename = "" Region: id = 1214 start_va = 0xa550000 end_va = 0xa5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a550000" filename = "" Region: id = 1215 start_va = 0xa5d0000 end_va = 0xa64ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a5d0000" filename = "" Region: id = 1216 start_va = 0xa650000 end_va = 0xa6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a650000" filename = "" Region: id = 1217 start_va = 0xa6d0000 end_va = 0xa722fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-system.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat") Region: id = 1218 start_va = 0xa730000 end_va = 0xb72ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-fontface.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat") Region: id = 1219 start_va = 0xb730000 end_va = 0xbf2ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-s-1-5-21-245394380-2276627025-4024548581-1000.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-S-1-5-21-245394380-2276627025-4024548581-1000.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-s-1-5-21-245394380-2276627025-4024548581-1000.dat") Region: id = 1220 start_va = 0xbf30000 end_va = 0xc019fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 1221 start_va = 0xc020000 end_va = 0xc0cefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windows.ui.xaml.resources.19h1.dll" filename = "\\Windows\\System32\\Windows.UI.Xaml.Resources.19h1.dll" (normalized: "c:\\windows\\system32\\windows.ui.xaml.resources.19h1.dll") Region: id = 1222 start_va = 0xc1d0000 end_va = 0xc24ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c1d0000" filename = "" Region: id = 1223 start_va = 0xc250000 end_va = 0xc2cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c250000" filename = "" Region: id = 1224 start_va = 0xc2d0000 end_va = 0xc34ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c2d0000" filename = "" Region: id = 1225 start_va = 0xc550000 end_va = 0xc5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c550000" filename = "" Region: id = 1226 start_va = 0xc5e0000 end_va = 0xc5e3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 1227 start_va = 0xc640000 end_va = 0xc6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c640000" filename = "" Region: id = 1228 start_va = 0xc7d0000 end_va = 0xc84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c7d0000" filename = "" Region: id = 1229 start_va = 0xc850000 end_va = 0xd04ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c850000" filename = "" Region: id = 1230 start_va = 0xd050000 end_va = 0xd0cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000d050000" filename = "" Region: id = 1231 start_va = 0xd0d0000 end_va = 0xd27afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ieframe.dll.mui" filename = "\\Windows\\System32\\en-US\\ieframe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\ieframe.dll.mui") Region: id = 1232 start_va = 0xd280000 end_va = 0xd37ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 1233 start_va = 0xd380000 end_va = 0xd47ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 1234 start_va = 0xd6d0000 end_va = 0xd7cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 1235 start_va = 0xd7d0000 end_va = 0xd84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000d7d0000" filename = "" Region: id = 1236 start_va = 0xda80000 end_va = 0xdb7ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 1237 start_va = 0xe180000 end_va = 0xe27ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 1238 start_va = 0xe380000 end_va = 0xe47ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 1239 start_va = 0xe6b0000 end_va = 0xe6b3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 1240 start_va = 0xe6c0000 end_va = 0xe7bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_32.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_32.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_32.db") Region: id = 1241 start_va = 0xe8c0000 end_va = 0xe9bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 1242 start_va = 0xed40000 end_va = 0xee3ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 1243 start_va = 0xf3c0000 end_va = 0xf43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f3c0000" filename = "" Region: id = 1244 start_va = 0x10170000 end_va = 0x1026ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 1245 start_va = 0x104f0000 end_va = 0x104f3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 1246 start_va = 0x7ffe0000 end_va = 0x7ffe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1247 start_va = 0x7ff4fde80000 end_va = 0x7ff4fde8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff4fde80000" filename = "" Region: id = 1248 start_va = 0x7ff4fde90000 end_va = 0x7ff4fdf8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff4fde90000" filename = "" Region: id = 1249 start_va = 0x7ff4fdf90000 end_va = 0x7ff5fdfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff4fdf90000" filename = "" Region: id = 1250 start_va = 0x7ff5fdfb0000 end_va = 0x7ff5fffb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff5fdfb0000" filename = "" Region: id = 1251 start_va = 0x7ff5fffc0000 end_va = 0x7ff5fffc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffc0000" filename = "" Region: id = 1252 start_va = 0x7ff5fffd0000 end_va = 0x7ff5ffff2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffd0000" filename = "" Region: id = 1253 start_va = 0x7ff6f8130000 end_va = 0x7ff6f8572fff monitored = 0 entry_point = 0x7ff6f81c6d20 region_type = mapped_file name = "explorer.exe" filename = "\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe") Region: id = 1254 start_va = 0x7ffa83a50000 end_va = 0x7ffa84199fff monitored = 0 entry_point = 0x7ffa83b6b240 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll") Region: id = 1255 start_va = 0x7ffa84ed0000 end_va = 0x7ffa84f12fff monitored = 0 entry_point = 0x7ffa84ed1810 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 1256 start_va = 0x7ffa84f20000 end_va = 0x7ffa850cdfff monitored = 0 entry_point = 0x7ffa84f65290 region_type = mapped_file name = "dui70.dll" filename = "\\Windows\\System32\\dui70.dll" (normalized: "c:\\windows\\system32\\dui70.dll") Region: id = 1257 start_va = 0x7ffa850d0000 end_va = 0x7ffa850e0fff monitored = 0 entry_point = 0x7ffa850d12e0 region_type = mapped_file name = "credui.dll" filename = "\\Windows\\System32\\credui.dll" (normalized: "c:\\windows\\system32\\credui.dll") Region: id = 1258 start_va = 0x7ffa850f0000 end_va = 0x7ffa85153fff monitored = 0 entry_point = 0x7ffa8512ca70 region_type = mapped_file name = "useroobe.dll" filename = "\\Windows\\System32\\oobe\\UserOOBE.dll" (normalized: "c:\\windows\\system32\\oobe\\useroobe.dll") Region: id = 1259 start_va = 0x7ffa86220000 end_va = 0x7ffa86261fff monitored = 0 entry_point = 0x7ffa86226d40 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\System32\\mlang.dll" (normalized: "c:\\windows\\system32\\mlang.dll") Region: id = 1260 start_va = 0x7ffa86270000 end_va = 0x7ffa862ecfff monitored = 0 entry_point = 0x7ffa862726f0 region_type = mapped_file name = "provsvc.dll" filename = "\\Windows\\System32\\provsvc.dll" (normalized: "c:\\windows\\system32\\provsvc.dll") Region: id = 1261 start_va = 0x7ffa862f0000 end_va = 0x7ffa864abfff monitored = 0 entry_point = 0x7ffa8631b1f0 region_type = mapped_file name = "cdprt.dll" filename = "\\Windows\\System32\\cdprt.dll" (normalized: "c:\\windows\\system32\\cdprt.dll") Region: id = 1262 start_va = 0x7ffa865a0000 end_va = 0x7ffa86679fff monitored = 0 entry_point = 0x7ffa865a6450 region_type = mapped_file name = "ieproxy.dll" filename = "\\Windows\\System32\\ieproxy.dll" (normalized: "c:\\windows\\system32\\ieproxy.dll") Region: id = 1263 start_va = 0x7ffa86b70000 end_va = 0x7ffa86c48fff monitored = 0 entry_point = 0x7ffa86b753c0 region_type = mapped_file name = "werconcpl.dll" filename = "\\Windows\\System32\\werconcpl.dll" (normalized: "c:\\windows\\system32\\werconcpl.dll") Region: id = 1264 start_va = 0x7ffa86c50000 end_va = 0x7ffa86df5fff monitored = 0 entry_point = 0x7ffa86ca6b40 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.207_none_faee9ef77614c0c2\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.207_none_faee9ef77614c0c2\\gdiplus.dll") Region: id = 1265 start_va = 0x7ffa86e10000 end_va = 0x7ffa86e27fff monitored = 0 entry_point = 0x7ffa86e11360 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1266 start_va = 0x7ffa87970000 end_va = 0x7ffa8799efff monitored = 0 entry_point = 0x7ffa87989ea0 region_type = mapped_file name = "storageusage.dll" filename = "\\Windows\\System32\\StorageUsage.dll" (normalized: "c:\\windows\\system32\\storageusage.dll") Region: id = 1267 start_va = 0x7ffa87ae0000 end_va = 0x7ffa87b33fff monitored = 0 entry_point = 0x7ffa87ae3650 region_type = mapped_file name = "msiso.dll" filename = "\\Windows\\System32\\msIso.dll" (normalized: "c:\\windows\\system32\\msiso.dll") Region: id = 1268 start_va = 0x7ffa87c40000 end_va = 0x7ffa87c91fff monitored = 0 entry_point = 0x7ffa87c53150 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 1269 start_va = 0x7ffa87ca0000 end_va = 0x7ffa87cdbfff monitored = 0 entry_point = 0x7ffa87ca68a0 region_type = mapped_file name = "wscinterop.dll" filename = "\\Windows\\System32\\wscinterop.dll" (normalized: "c:\\windows\\system32\\wscinterop.dll") Region: id = 1270 start_va = 0x7ffa87ce0000 end_va = 0x7ffa87cf5fff monitored = 0 entry_point = 0x7ffa87ce3a20 region_type = mapped_file name = "pcacli.dll" filename = "\\Windows\\System32\\pcacli.dll" (normalized: "c:\\windows\\system32\\pcacli.dll") Region: id = 1271 start_va = 0x7ffa88190000 end_va = 0x7ffa881e0fff monitored = 0 entry_point = 0x7ffa881bcd20 region_type = mapped_file name = "cloudexperiencehostbroker.dll" filename = "\\Windows\\System32\\CloudExperienceHostBroker.dll" (normalized: "c:\\windows\\system32\\cloudexperiencehostbroker.dll") Region: id = 1272 start_va = 0x7ffa88840000 end_va = 0x7ffa88885fff monitored = 0 entry_point = 0x7ffa888427a0 region_type = mapped_file name = "bthprops.cpl" filename = "\\Windows\\System32\\bthprops.cpl" (normalized: "c:\\windows\\system32\\bthprops.cpl") Region: id = 1273 start_va = 0x7ffa88bc0000 end_va = 0x7ffa88c20fff monitored = 0 entry_point = 0x7ffa88c01980 region_type = mapped_file name = "windows.fileexplorer.common.dll" filename = "\\Windows\\System32\\Windows.FileExplorer.Common.dll" (normalized: "c:\\windows\\system32\\windows.fileexplorer.common.dll") Region: id = 1274 start_va = 0x7ffa88c30000 end_va = 0x7ffa88e48fff monitored = 0 entry_point = 0x7ffa88c3daf0 region_type = mapped_file name = "pnidui.dll" filename = "\\Windows\\System32\\pnidui.dll" (normalized: "c:\\windows\\system32\\pnidui.dll") Region: id = 1275 start_va = 0x7ffa88e50000 end_va = 0x7ffa88ea2fff monitored = 0 entry_point = 0x7ffa88e58810 region_type = mapped_file name = "actioncenter.dll" filename = "\\Windows\\System32\\ActionCenter.dll" (normalized: "c:\\windows\\system32\\actioncenter.dll") Region: id = 1276 start_va = 0x7ffa88eb0000 end_va = 0x7ffa88ebcfff monitored = 0 entry_point = 0x7ffa88eb4630 region_type = mapped_file name = "atlthunk.dll" filename = "\\Windows\\System32\\atlthunk.dll" (normalized: "c:\\windows\\system32\\atlthunk.dll") Region: id = 1277 start_va = 0x7ffa88ec0000 end_va = 0x7ffa88ed8fff monitored = 0 entry_point = 0x7ffa88ec2820 region_type = mapped_file name = "syncreg.dll" filename = "\\Windows\\System32\\Syncreg.dll" (normalized: "c:\\windows\\system32\\syncreg.dll") Region: id = 1278 start_va = 0x7ffa88ee0000 end_va = 0x7ffa88f20fff monitored = 0 entry_point = 0x7ffa88ee1e00 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll") Region: id = 1279 start_va = 0x7ffa88f30000 end_va = 0x7ffa88fa9fff monitored = 0 entry_point = 0x7ffa88f32550 region_type = mapped_file name = "dxp.dll" filename = "\\Windows\\System32\\DXP.dll" (normalized: "c:\\windows\\system32\\dxp.dll") Region: id = 1280 start_va = 0x7ffa89090000 end_va = 0x7ffa892bdfff monitored = 0 entry_point = 0x7ffa890a35e0 region_type = mapped_file name = "icu.dll" filename = "\\Windows\\System32\\icu.dll" (normalized: "c:\\windows\\system32\\icu.dll") Region: id = 1281 start_va = 0x7ffa8b3e0000 end_va = 0x7ffa8b430fff monitored = 0 entry_point = 0x7ffa8b3e7350 region_type = mapped_file name = "stobject.dll" filename = "\\Windows\\System32\\stobject.dll" (normalized: "c:\\windows\\system32\\stobject.dll") Region: id = 1282 start_va = 0x7ffa8b570000 end_va = 0x7ffa8b5adfff monitored = 0 entry_point = 0x7ffa8b5738e0 region_type = mapped_file name = "prnfldr.dll" filename = "\\Windows\\System32\\prnfldr.dll" (normalized: "c:\\windows\\system32\\prnfldr.dll") Region: id = 1283 start_va = 0x7ffa8b5d0000 end_va = 0x7ffa8b5fffff monitored = 0 entry_point = 0x7ffa8b5dbe20 region_type = mapped_file name = "rtworkq.dll" filename = "\\Windows\\System32\\RTWorkQ.dll" (normalized: "c:\\windows\\system32\\rtworkq.dll") Region: id = 1284 start_va = 0x7ffa8b600000 end_va = 0x7ffa8b7bafff monitored = 0 entry_point = 0x7ffa8b634590 region_type = mapped_file name = "mfplat.dll" filename = "\\Windows\\System32\\mfplat.dll" (normalized: "c:\\windows\\system32\\mfplat.dll") Region: id = 1285 start_va = 0x7ffa8cab0000 end_va = 0x7ffa8cb0dfff monitored = 0 entry_point = 0x7ffa8cab24d0 region_type = mapped_file name = "wpnclient.dll" filename = "\\Windows\\System32\\wpnclient.dll" (normalized: "c:\\windows\\system32\\wpnclient.dll") Region: id = 1286 start_va = 0x7ffa8cb10000 end_va = 0x7ffa8cbe9fff monitored = 0 entry_point = 0x7ffa8cb365a0 region_type = mapped_file name = "windows.internal.shell.broker.dll" filename = "\\Windows\\System32\\Windows.Internal.Shell.Broker.dll" (normalized: "c:\\windows\\system32\\windows.internal.shell.broker.dll") Region: id = 1287 start_va = 0x7ffa8d510000 end_va = 0x7ffa8d53efff monitored = 0 entry_point = 0x7ffa8d52ac30 region_type = mapped_file name = "cflapi.dll" filename = "\\Windows\\System32\\cflapi.dll" (normalized: "c:\\windows\\system32\\cflapi.dll") Region: id = 1288 start_va = 0x7ffa8d540000 end_va = 0x7ffa8d5affff monitored = 0 entry_point = 0x7ffa8d553d40 region_type = mapped_file name = "cryptngc.dll" filename = "\\Windows\\System32\\cryptngc.dll" (normalized: "c:\\windows\\system32\\cryptngc.dll") Region: id = 1289 start_va = 0x7ffa8d5b0000 end_va = 0x7ffa8d65efff monitored = 0 entry_point = 0x7ffa8d5b44f0 region_type = mapped_file name = "shellcommoncommonproxystub.dll" filename = "\\Windows\\System32\\ShellCommonCommonProxyStub.dll" (normalized: "c:\\windows\\system32\\shellcommoncommonproxystub.dll") Region: id = 1290 start_va = 0x7ffa8d660000 end_va = 0x7ffa8d670fff monitored = 0 entry_point = 0x7ffa8d661af0 region_type = mapped_file name = "pcshellcommonproxystub.dll" filename = "\\Windows\\System32\\PCShellCommonProxyStub.dll" (normalized: "c:\\windows\\system32\\pcshellcommonproxystub.dll") Region: id = 1291 start_va = 0x7ffa8d680000 end_va = 0x7ffa8d788fff monitored = 0 entry_point = 0x7ffa8d6a7910 region_type = mapped_file name = "windows.ui.core.textinput.dll" filename = "\\Windows\\System32\\Windows.UI.Core.TextInput.dll" (normalized: "c:\\windows\\system32\\windows.ui.core.textinput.dll") Region: id = 1292 start_va = 0x7ffa8d790000 end_va = 0x7ffa8d80cfff monitored = 0 entry_point = 0x7ffa8d798340 region_type = mapped_file name = "synccenter.dll" filename = "\\Windows\\System32\\SyncCenter.dll" (normalized: "c:\\windows\\system32\\synccenter.dll") Region: id = 1293 start_va = 0x7ffa8d810000 end_va = 0x7ffa8d88ffff monitored = 0 entry_point = 0x7ffa8d85b0c0 region_type = mapped_file name = "dictationmanager.dll" filename = "\\Windows\\System32\\DictationManager.dll" (normalized: "c:\\windows\\system32\\dictationmanager.dll") Region: id = 1294 start_va = 0x7ffa8d890000 end_va = 0x7ffa8da69fff monitored = 0 entry_point = 0x7ffa8d8b1560 region_type = mapped_file name = "windowsudk.shellcommon.dll" filename = "\\Windows\\System32\\windowsudk.shellcommon.dll" (normalized: "c:\\windows\\system32\\windowsudk.shellcommon.dll") Region: id = 1295 start_va = 0x7ffa8db90000 end_va = 0x7ffa8dc16fff monitored = 0 entry_point = 0x7ffa8db91e10 region_type = mapped_file name = "windows.data.activities.dll" filename = "\\Windows\\System32\\Windows.Data.Activities.dll" (normalized: "c:\\windows\\system32\\windows.data.activities.dll") Region: id = 1296 start_va = 0x7ffa8dd70000 end_va = 0x7ffa8dfcdfff monitored = 0 entry_point = 0x7ffa8ddd8a80 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 1297 start_va = 0x7ffa8e3b0000 end_va = 0x7ffa8e52bfff monitored = 0 entry_point = 0x7ffa8e496f30 region_type = mapped_file name = "taskflowdataengine.dll" filename = "\\Windows\\System32\\TaskFlowDataEngine.dll" (normalized: "c:\\windows\\system32\\taskflowdataengine.dll") Region: id = 1298 start_va = 0x7ffa8e530000 end_va = 0x7ffa8e63ffff monitored = 0 entry_point = 0x7ffa8e5e3a20 region_type = mapped_file name = "windows.internal.signals.dll" filename = "\\Windows\\System32\\Windows.Internal.Signals.dll" (normalized: "c:\\windows\\system32\\windows.internal.signals.dll") Region: id = 1299 start_va = 0x7ffa8e640000 end_va = 0x7ffa8e693fff monitored = 0 entry_point = 0x7ffa8e676a80 region_type = mapped_file name = "windows.shell.bluelightreduction.dll" filename = "\\Windows\\System32\\Windows.Shell.BlueLightReduction.dll" (normalized: "c:\\windows\\system32\\windows.shell.bluelightreduction.dll") Region: id = 1300 start_va = 0x7ffa8e6a0000 end_va = 0x7ffa8e762fff monitored = 0 entry_point = 0x7ffa8e6ae000 region_type = mapped_file name = "windows.web.dll" filename = "\\Windows\\System32\\Windows.Web.dll" (normalized: "c:\\windows\\system32\\windows.web.dll") Region: id = 1301 start_va = 0x7ffa8e770000 end_va = 0x7ffa8e7a4fff monitored = 0 entry_point = 0x7ffa8e78f4a0 region_type = mapped_file name = "npsm.dll" filename = "\\Windows\\System32\\NPSM.dll" (normalized: "c:\\windows\\system32\\npsm.dll") Region: id = 1302 start_va = 0x7ffa8e880000 end_va = 0x7ffa8e8ebfff monitored = 0 entry_point = 0x7ffa8e88d1e0 region_type = mapped_file name = "abovelockapphost.dll" filename = "\\Windows\\System32\\AboveLockAppHost.dll" (normalized: "c:\\windows\\system32\\abovelockapphost.dll") Region: id = 1303 start_va = 0x7ffa8e8f0000 end_va = 0x7ffa8e916fff monitored = 0 entry_point = 0x7ffa8e8f4220 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" (normalized: "c:\\windows\\system32\\winmm.dll") Region: id = 1304 start_va = 0x7ffa8e920000 end_va = 0x7ffa8e93bfff monitored = 0 entry_point = 0x7ffa8e92eb20 region_type = mapped_file name = "virtualmonitormanager.dll" filename = "\\Windows\\System32\\VirtualMonitorManager.dll" (normalized: "c:\\windows\\system32\\virtualmonitormanager.dll") Region: id = 1305 start_va = 0x7ffa8e940000 end_va = 0x7ffa8ea12fff monitored = 0 entry_point = 0x7ffa8e9c1ad0 region_type = mapped_file name = "holographicextensions.dll" filename = "\\Windows\\System32\\HolographicExtensions.dll" (normalized: "c:\\windows\\system32\\holographicextensions.dll") Region: id = 1306 start_va = 0x7ffa8ec20000 end_va = 0x7ffa8ec2bfff monitored = 0 entry_point = 0x7ffa8ec22560 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1307 start_va = 0x7ffa8edb0000 end_va = 0x7ffa8ee7cfff monitored = 0 entry_point = 0x7ffa8edb5b60 region_type = mapped_file name = "cscui.dll" filename = "\\Windows\\System32\\cscui.dll" (normalized: "c:\\windows\\system32\\cscui.dll") Region: id = 1308 start_va = 0x7ffa8ee80000 end_va = 0x7ffa8eeb6fff monitored = 0 entry_point = 0x7ffa8ee82e30 region_type = mapped_file name = "ehstorshell.dll" filename = "\\Windows\\System32\\EhStorShell.dll" (normalized: "c:\\windows\\system32\\ehstorshell.dll") Region: id = 1309 start_va = 0x7ffa8eec0000 end_va = 0x7ffa8ef6afff monitored = 0 entry_point = 0x7ffa8eef0af0 region_type = mapped_file name = "applicationframe.dll" filename = "\\Windows\\System32\\ApplicationFrame.dll" (normalized: "c:\\windows\\system32\\applicationframe.dll") Region: id = 1310 start_va = 0x7ffa8ef70000 end_va = 0x7ffa8efb8fff monitored = 0 entry_point = 0x7ffa8ef73550 region_type = mapped_file name = "pdh.dll" filename = "\\Windows\\System32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll") Region: id = 1311 start_va = 0x7ffa8efc0000 end_va = 0x7ffa8f5adfff monitored = 0 entry_point = 0x7ffa8f074e60 region_type = mapped_file name = "twinui.dll" filename = "\\Windows\\System32\\twinui.dll" (normalized: "c:\\windows\\system32\\twinui.dll") Region: id = 1312 start_va = 0x7ffa8f5b0000 end_va = 0x7ffa8f5bcfff monitored = 0 entry_point = 0x7ffa8f5b1df0 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 1313 start_va = 0x7ffa8f5c0000 end_va = 0x7ffa8f63cfff monitored = 0 entry_point = 0x7ffa8f5d17b0 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll") Region: id = 1314 start_va = 0x7ffa8f800000 end_va = 0x7ffa8f823fff monitored = 0 entry_point = 0x7ffa8f801790 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\System32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll") Region: id = 1315 start_va = 0x7ffa8f830000 end_va = 0x7ffa8f895fff monitored = 0 entry_point = 0x7ffa8f84d000 region_type = mapped_file name = "thumbcache.dll" filename = "\\Windows\\System32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll") Region: id = 1316 start_va = 0x7ffa8f8a0000 end_va = 0x7ffa8f8c1fff monitored = 0 entry_point = 0x7ffa8f8b5070 region_type = mapped_file name = "cldapi.dll" filename = "\\Windows\\System32\\cldapi.dll" (normalized: "c:\\windows\\system32\\cldapi.dll") Region: id = 1317 start_va = 0x7ffa8f8d0000 end_va = 0x7ffa8f98dfff monitored = 0 entry_point = 0x7ffa8f8e3a80 region_type = mapped_file name = "windows.immersiveshell.serviceprovider.dll" filename = "\\Windows\\System32\\windows.immersiveshell.serviceprovider.dll" (normalized: "c:\\windows\\system32\\windows.immersiveshell.serviceprovider.dll") Region: id = 1318 start_va = 0x7ffa8f990000 end_va = 0x7ffa8ff5cfff monitored = 0 entry_point = 0x7ffa8fa19030 region_type = mapped_file name = "twinui.pcshell.dll" filename = "\\Windows\\System32\\twinui.pcshell.dll" (normalized: "c:\\windows\\system32\\twinui.pcshell.dll") Region: id = 1319 start_va = 0x7ffa8ff60000 end_va = 0x7ffa9017efff monitored = 0 entry_point = 0x7ffa8ffe6f20 region_type = mapped_file name = "explorerframe.dll" filename = "\\Windows\\System32\\ExplorerFrame.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll") Region: id = 1320 start_va = 0x7ffa90180000 end_va = 0x7ffa901bdfff monitored = 0 entry_point = 0x7ffa90187f40 region_type = mapped_file name = "dataexchange.dll" filename = "\\Windows\\System32\\DataExchange.dll" (normalized: "c:\\windows\\system32\\dataexchange.dll") Region: id = 1321 start_va = 0x7ffa901c0000 end_va = 0x7ffa90225fff monitored = 0 entry_point = 0x7ffa901ceb60 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll") Region: id = 1322 start_va = 0x7ffa90230000 end_va = 0x7ffa9027ffff monitored = 0 entry_point = 0x7ffa9023a9a0 region_type = mapped_file name = "sndvolsso.dll" filename = "\\Windows\\System32\\SndVolSSO.dll" (normalized: "c:\\windows\\system32\\sndvolsso.dll") Region: id = 1323 start_va = 0x7ffa90280000 end_va = 0x7ffa90396fff monitored = 0 entry_point = 0x7ffa902dcbc0 region_type = mapped_file name = "settingsynccore.dll" filename = "\\Windows\\System32\\SettingSyncCore.dll" (normalized: "c:\\windows\\system32\\settingsynccore.dll") Region: id = 1324 start_va = 0x7ffa903a0000 end_va = 0x7ffa90922fff monitored = 0 entry_point = 0x7ffa904c4880 region_type = mapped_file name = "starttiledata.dll" filename = "\\Windows\\System32\\StartTileData.dll" (normalized: "c:\\windows\\system32\\starttiledata.dll") Region: id = 1325 start_va = 0x7ffa90990000 end_va = 0x7ffa90c29fff monitored = 0 entry_point = 0x7ffa90a296c0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_b555e41d4684ddec\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_b555e41d4684ddec\\comctl32.dll") Region: id = 1326 start_va = 0x7ffa90c30000 end_va = 0x7ffa90cd8fff monitored = 0 entry_point = 0x7ffa90c3e040 region_type = mapped_file name = "twinapi.dll" filename = "\\Windows\\System32\\twinapi.dll" (normalized: "c:\\windows\\system32\\twinapi.dll") Region: id = 1327 start_va = 0x7ffa90ce0000 end_va = 0x7ffa90d6afff monitored = 0 entry_point = 0x7ffa90cf7060 region_type = mapped_file name = "aepic.dll" filename = "\\Windows\\System32\\aepic.dll" (normalized: "c:\\windows\\system32\\aepic.dll") Region: id = 1328 start_va = 0x7ffa90d70000 end_va = 0x7ffa90d8ffff monitored = 0 entry_point = 0x7ffa90d78480 region_type = mapped_file name = "windows.staterepositorybroker.dll" filename = "\\Windows\\System32\\Windows.StateRepositoryBroker.dll" (normalized: "c:\\windows\\system32\\windows.staterepositorybroker.dll") Region: id = 1329 start_va = 0x7ffa90da0000 end_va = 0x7ffa90dfdfff monitored = 0 entry_point = 0x7ffa90da2ba0 region_type = mapped_file name = "notificationcontrollerps.dll" filename = "\\Windows\\System32\\NotificationControllerPS.dll" (normalized: "c:\\windows\\system32\\notificationcontrollerps.dll") Region: id = 1330 start_va = 0x7ffa90ea0000 end_va = 0x7ffa90fe3fff monitored = 0 entry_point = 0x7ffa90ebbfd0 region_type = mapped_file name = "wpnapps.dll" filename = "\\Windows\\System32\\wpnapps.dll" (normalized: "c:\\windows\\system32\\wpnapps.dll") Region: id = 1331 start_va = 0x7ffa90ff0000 end_va = 0x7ffa910d7fff monitored = 0 entry_point = 0x7ffa9103f5b0 region_type = mapped_file name = "windows.cloudstore.schema.shell.dll" filename = "\\Windows\\System32\\Windows.CloudStore.Schema.Shell.dll" (normalized: "c:\\windows\\system32\\windows.cloudstore.schema.shell.dll") Region: id = 1332 start_va = 0x7ffa910e0000 end_va = 0x7ffa91116fff monitored = 0 entry_point = 0x7ffa910e8c10 region_type = mapped_file name = "appextension.dll" filename = "\\Windows\\System32\\AppExtension.dll" (normalized: "c:\\windows\\system32\\appextension.dll") Region: id = 1333 start_va = 0x7ffa91120000 end_va = 0x7ffa911affff monitored = 0 entry_point = 0x7ffa91182720 region_type = mapped_file name = "appresolver.dll" filename = "\\Windows\\System32\\AppResolver.dll" (normalized: "c:\\windows\\system32\\appresolver.dll") Region: id = 1334 start_va = 0x7ffa917c0000 end_va = 0x7ffa91806fff monitored = 0 entry_point = 0x7ffa917edc00 region_type = mapped_file name = "container.dll" filename = "\\Windows\\System32\\container.dll" (normalized: "c:\\windows\\system32\\container.dll") Region: id = 1335 start_va = 0x7ffa91810000 end_va = 0x7ffa9184ffff monitored = 0 entry_point = 0x7ffa91815af0 region_type = mapped_file name = "windows.staterepositoryclient.dll" filename = "\\Windows\\System32\\Windows.StateRepositoryClient.dll" (normalized: "c:\\windows\\system32\\windows.staterepositoryclient.dll") Region: id = 1336 start_va = 0x7ffa918f0000 end_va = 0x7ffa91989fff monitored = 0 entry_point = 0x7ffa918f60e0 region_type = mapped_file name = "uiamanager.dll" filename = "\\Windows\\System32\\UiaManager.dll" (normalized: "c:\\windows\\system32\\uiamanager.dll") Region: id = 1337 start_va = 0x7ffa91990000 end_va = 0x7ffa91a34fff monitored = 0 entry_point = 0x7ffa919967f0 region_type = mapped_file name = "twinui.appcore.dll" filename = "\\Windows\\System32\\twinui.appcore.dll" (normalized: "c:\\windows\\system32\\twinui.appcore.dll") Region: id = 1338 start_va = 0x7ffa91a60000 end_va = 0x7ffa91b1bfff monitored = 0 entry_point = 0x7ffa91add430 region_type = mapped_file name = "windows.system.launcher.dll" filename = "\\Windows\\System32\\Windows.System.Launcher.dll" (normalized: "c:\\windows\\system32\\windows.system.launcher.dll") Region: id = 1339 start_va = 0x7ffa91d30000 end_va = 0x7ffa91dc8fff monitored = 0 entry_point = 0x7ffa91d3e1c0 region_type = mapped_file name = "tiledatarepository.dll" filename = "\\Windows\\System32\\TileDataRepository.dll" (normalized: "c:\\windows\\system32\\tiledatarepository.dll") Region: id = 1340 start_va = 0x7ffa92060000 end_va = 0x7ffa92108fff monitored = 0 entry_point = 0x7ffa92069a00 region_type = mapped_file name = "wlidprov.dll" filename = "\\Windows\\System32\\wlidprov.dll" (normalized: "c:\\windows\\system32\\wlidprov.dll") Region: id = 1341 start_va = 0x7ffa92980000 end_va = 0x7ffa92a9cfff monitored = 0 entry_point = 0x7ffa9299dc60 region_type = mapped_file name = "windows.security.authentication.web.core.dll" filename = "\\Windows\\System32\\Windows.Security.Authentication.Web.Core.dll" (normalized: "c:\\windows\\system32\\windows.security.authentication.web.core.dll") Region: id = 1342 start_va = 0x7ffa92b80000 end_va = 0x7ffa92b8afff monitored = 0 entry_point = 0x7ffa92b83070 region_type = mapped_file name = "fltlib.dll" filename = "\\Windows\\System32\\fltLib.dll" (normalized: "c:\\windows\\system32\\fltlib.dll") Region: id = 1343 start_va = 0x7ffa92b90000 end_va = 0x7ffa92c3dfff monitored = 0 entry_point = 0x7ffa92bff9d0 region_type = mapped_file name = "daxexec.dll" filename = "\\Windows\\System32\\daxexec.dll" (normalized: "c:\\windows\\system32\\daxexec.dll") Region: id = 1344 start_va = 0x7ffa92c70000 end_va = 0x7ffa92d27fff monitored = 0 entry_point = 0x7ffa92c7d870 region_type = mapped_file name = "windows.networking.connectivity.dll" filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll") Region: id = 1345 start_va = 0x7ffa931c0000 end_va = 0x7ffa931ebfff monitored = 0 entry_point = 0x7ffa931db730 region_type = mapped_file name = "dbgcore.dll" filename = "\\Windows\\System32\\dbgcore.dll" (normalized: "c:\\windows\\system32\\dbgcore.dll") Region: id = 1346 start_va = 0x7ffa931f0000 end_va = 0x7ffa933d3fff monitored = 0 entry_point = 0x7ffa9320a770 region_type = mapped_file name = "dbghelp.dll" filename = "\\Windows\\System32\\dbghelp.dll" (normalized: "c:\\windows\\system32\\dbghelp.dll") Region: id = 1347 start_va = 0x7ffa93480000 end_va = 0x7ffa9391dfff monitored = 0 entry_point = 0x7ffa934d1e80 region_type = mapped_file name = "cdp.dll" filename = "\\Windows\\System32\\cdp.dll" (normalized: "c:\\windows\\system32\\cdp.dll") Region: id = 1348 start_va = 0x7ffa939e0000 end_va = 0x7ffa939f1fff monitored = 0 entry_point = 0x7ffa939e3330 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 1349 start_va = 0x7ffa93a70000 end_va = 0x7ffa93a8cfff monitored = 0 entry_point = 0x7ffa93a728d0 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 1350 start_va = 0x7ffa93bc0000 end_va = 0x7ffa93c78fff monitored = 0 entry_point = 0x7ffa93bcd080 region_type = mapped_file name = "settingsync.dll" filename = "\\Windows\\System32\\SettingSync.dll" (normalized: "c:\\windows\\system32\\settingsync.dll") Region: id = 1351 start_va = 0x7ffa93c80000 end_va = 0x7ffa93e73fff monitored = 0 entry_point = 0x7ffa93d04bf0 region_type = mapped_file name = "windows.cloudstore.dll" filename = "\\Windows\\System32\\Windows.CloudStore.dll" (normalized: "c:\\windows\\system32\\windows.cloudstore.dll") Region: id = 1352 start_va = 0x7ffa93f00000 end_va = 0x7ffa93f7cfff monitored = 0 entry_point = 0x7ffa93f03a80 region_type = mapped_file name = "onecorecommonproxystub.dll" filename = "\\Windows\\System32\\OneCoreCommonProxyStub.dll" (normalized: "c:\\windows\\system32\\onecorecommonproxystub.dll") Region: id = 1353 start_va = 0x7ffa94430000 end_va = 0x7ffa944affff monitored = 0 entry_point = 0x7ffa944390a0 region_type = mapped_file name = "photometadatahandler.dll" filename = "\\Windows\\System32\\PhotoMetadataHandler.dll" (normalized: "c:\\windows\\system32\\photometadatahandler.dll") Region: id = 1354 start_va = 0x7ffa944f0000 end_va = 0x7ffa94517fff monitored = 0 entry_point = 0x7ffa944f2110 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 1355 start_va = 0x7ffa94520000 end_va = 0x7ffa9454afff monitored = 0 entry_point = 0x7ffa94526c40 region_type = mapped_file name = "idstore.dll" filename = "\\Windows\\System32\\IDStore.dll" (normalized: "c:\\windows\\system32\\idstore.dll") Region: id = 1356 start_va = 0x7ffa94740000 end_va = 0x7ffa9494dfff monitored = 0 entry_point = 0x7ffa948b4360 region_type = mapped_file name = "taskflowui.dll" filename = "\\Windows\\ShellComponents\\TaskFlowUI.dll" (normalized: "c:\\windows\\shellcomponents\\taskflowui.dll") Region: id = 1357 start_va = 0x7ffa94950000 end_va = 0x7ffa94b9afff monitored = 0 entry_point = 0x7ffa94aebfa0 region_type = mapped_file name = "windowsinternal.composableshell.experiences.switcher.dll" filename = "\\Windows\\ShellComponents\\WindowsInternal.ComposableShell.Experiences.Switcher.dll" (normalized: "c:\\windows\\shellcomponents\\windowsinternal.composableshell.experiences.switcher.dll") Region: id = 1358 start_va = 0x7ffa94c90000 end_va = 0x7ffa94caffff monitored = 0 entry_point = 0x7ffa94ca7360 region_type = mapped_file name = "devdispitemprovider.dll" filename = "\\Windows\\System32\\DevDispItemProvider.dll" (normalized: "c:\\windows\\system32\\devdispitemprovider.dll") Region: id = 1359 start_va = 0x7ffa94cb0000 end_va = 0x7ffa94cf4fff monitored = 0 entry_point = 0x7ffa94cbaef0 region_type = mapped_file name = "mswb7.dll" filename = "\\Windows\\System32\\MSWB7.dll" (normalized: "c:\\windows\\system32\\mswb7.dll") Region: id = 1360 start_va = 0x7ffa94d00000 end_va = 0x7ffa94dabfff monitored = 0 entry_point = 0x7ffa94d2d6a0 region_type = mapped_file name = "structuredquery.dll" filename = "\\Windows\\System32\\StructuredQuery.dll" (normalized: "c:\\windows\\system32\\structuredquery.dll") Region: id = 1361 start_va = 0x7ffa94db0000 end_va = 0x7ffa94e36fff monitored = 0 entry_point = 0x7ffa94dbe4d0 region_type = mapped_file name = "windows.devices.enumeration.dll" filename = "\\Windows\\System32\\Windows.Devices.Enumeration.dll" (normalized: "c:\\windows\\system32\\windows.devices.enumeration.dll") Region: id = 1362 start_va = 0x7ffa94e50000 end_va = 0x7ffa94eccfff monitored = 0 entry_point = 0x7ffa94e95320 region_type = mapped_file name = "tilecontrol.dll" filename = "\\Windows\\ShellExperiences\\TileControl.dll" (normalized: "c:\\windows\\shellexperiences\\tilecontrol.dll") Region: id = 1363 start_va = 0x7ffa94ed0000 end_va = 0x7ffa94f1bfff monitored = 0 entry_point = 0x7ffa94ed5fd0 region_type = mapped_file name = "wscapi.dll" filename = "\\Windows\\System32\\wscapi.dll" (normalized: "c:\\windows\\system32\\wscapi.dll") Region: id = 1364 start_va = 0x7ffa95010000 end_va = 0x7ffa95061fff monitored = 0 entry_point = 0x7ffa95035540 region_type = mapped_file name = "smartscreenps.dll" filename = "\\Windows\\System32\\smartscreenps.dll" (normalized: "c:\\windows\\system32\\smartscreenps.dll") Region: id = 1365 start_va = 0x7ffa95160000 end_va = 0x7ffa95639fff monitored = 0 entry_point = 0x7ffa9522c180 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 1366 start_va = 0x7ffa95640000 end_va = 0x7ffa9564dfff monitored = 0 entry_point = 0x7ffa956426d0 region_type = mapped_file name = "windows.ui.shell.dll" filename = "\\Windows\\System32\\Windows.UI.Shell.dll" (normalized: "c:\\windows\\system32\\windows.ui.shell.dll") Region: id = 1367 start_va = 0x7ffa95650000 end_va = 0x7ffa9565efff monitored = 0 entry_point = 0x7ffa95651450 region_type = mapped_file name = "batmeter.dll" filename = "\\Windows\\System32\\batmeter.dll" (normalized: "c:\\windows\\system32\\batmeter.dll") Region: id = 1368 start_va = 0x7ffa95e90000 end_va = 0x7ffa95ec3fff monitored = 0 entry_point = 0x7ffa95eaf490 region_type = mapped_file name = "ethernetmediamanager.dll" filename = "\\Windows\\System32\\EthernetMediaManager.dll" (normalized: "c:\\windows\\system32\\ethernetmediamanager.dll") Region: id = 1369 start_va = 0x7ffa95ed0000 end_va = 0x7ffa95f3cfff monitored = 0 entry_point = 0x7ffa95ef6a60 region_type = mapped_file name = "networkuxbroker.dll" filename = "\\Windows\\System32\\NetworkUXBroker.dll" (normalized: "c:\\windows\\system32\\networkuxbroker.dll") Region: id = 1370 start_va = 0x7ffa95f70000 end_va = 0x7ffa95ff6fff monitored = 0 entry_point = 0x7ffa95f7cad0 region_type = mapped_file name = "inputswitch.dll" filename = "\\Windows\\System32\\InputSwitch.dll" (normalized: "c:\\windows\\system32\\inputswitch.dll") Region: id = 1371 start_va = 0x7ffa96370000 end_va = 0x7ffa96399fff monitored = 0 entry_point = 0x7ffa9637f730 region_type = mapped_file name = "windows.internal.system.userprofile.dll" filename = "\\Windows\\System32\\Windows.Internal.System.UserProfile.dll" (normalized: "c:\\windows\\system32\\windows.internal.system.userprofile.dll") Region: id = 1372 start_va = 0x7ffa97160000 end_va = 0x7ffa97242fff monitored = 0 entry_point = 0x7ffa971749e0 region_type = mapped_file name = "windows.applicationmodel.dll" filename = "\\Windows\\System32\\Windows.ApplicationModel.dll" (normalized: "c:\\windows\\system32\\windows.applicationmodel.dll") Region: id = 1373 start_va = 0x7ffa97250000 end_va = 0x7ffa97395fff monitored = 0 entry_point = 0x7ffa97257620 region_type = mapped_file name = "windows.staterepositoryps.dll" filename = "\\Windows\\System32\\Windows.StateRepositoryPS.dll" (normalized: "c:\\windows\\system32\\windows.staterepositoryps.dll") Region: id = 1374 start_va = 0x7ffa97590000 end_va = 0x7ffa975a0fff monitored = 0 entry_point = 0x7ffa97593900 region_type = mapped_file name = "windows.staterepositorycore.dll" filename = "\\Windows\\System32\\Windows.StateRepositoryCore.dll" (normalized: "c:\\windows\\system32\\windows.staterepositorycore.dll") Region: id = 1375 start_va = 0x7ffa976a0000 end_va = 0x7ffa97750fff monitored = 0 entry_point = 0x7ffa976e6e10 region_type = mapped_file name = "staterepository.core.dll" filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll") Region: id = 1376 start_va = 0x7ffa97760000 end_va = 0x7ffa97ce5fff monitored = 0 entry_point = 0x7ffa977b7790 region_type = mapped_file name = "windows.staterepository.dll" filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll") Region: id = 1377 start_va = 0x7ffa97f30000 end_va = 0x7ffa97f41fff monitored = 0 entry_point = 0x7ffa97f37280 region_type = mapped_file name = "efsutil.dll" filename = "\\Windows\\System32\\efsutil.dll" (normalized: "c:\\windows\\system32\\efsutil.dll") Region: id = 1378 start_va = 0x7ffa98020000 end_va = 0x7ffa9808efff monitored = 0 entry_point = 0x7ffa98063190 region_type = mapped_file name = "fhcfg.dll" filename = "\\Windows\\System32\\fhcfg.dll" (normalized: "c:\\windows\\system32\\fhcfg.dll") Region: id = 1379 start_va = 0x7ffa980d0000 end_va = 0x7ffa9824ffff monitored = 0 entry_point = 0x7ffa980f7430 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 1380 start_va = 0x7ffa98310000 end_va = 0x7ffa98319fff monitored = 0 entry_point = 0x7ffa98311f00 region_type = mapped_file name = "mobilenetworking.dll" filename = "\\Windows\\System32\\mobilenetworking.dll" (normalized: "c:\\windows\\system32\\mobilenetworking.dll") Region: id = 1381 start_va = 0x7ffa98410000 end_va = 0x7ffa98443fff monitored = 0 entry_point = 0x7ffa98432260 region_type = mapped_file name = "comppkgsup.dll" filename = "\\Windows\\System32\\CompPkgSup.dll" (normalized: "c:\\windows\\system32\\comppkgsup.dll") Region: id = 1382 start_va = 0x7ffa98640000 end_va = 0x7ffa9864ffff monitored = 0 entry_point = 0x7ffa986415e0 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1383 start_va = 0x7ffa988b0000 end_va = 0x7ffa989b1fff monitored = 0 entry_point = 0x7ffa988f57d0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1384 start_va = 0x7ffa98aa0000 end_va = 0x7ffa98b24fff monitored = 0 entry_point = 0x7ffa98ac0b70 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 1385 start_va = 0x7ffa98c10000 end_va = 0x7ffa98c79fff monitored = 0 entry_point = 0x7ffa98c12350 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 1386 start_va = 0x7ffa98c80000 end_va = 0x7ffa98c93fff monitored = 0 entry_point = 0x7ffa98c837a0 region_type = mapped_file name = "hcproviders.dll" filename = "\\Windows\\System32\\hcproviders.dll" (normalized: "c:\\windows\\system32\\hcproviders.dll") Region: id = 1387 start_va = 0x7ffa98ca0000 end_va = 0x7ffa98d40fff monitored = 0 entry_point = 0x7ffa98ca3970 region_type = mapped_file name = "portabledeviceapi.dll" filename = "\\Windows\\System32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll") Region: id = 1388 start_va = 0x7ffa98d50000 end_va = 0x7ffa98d68fff monitored = 0 entry_point = 0x7ffa98d52110 region_type = mapped_file name = "wscui.cpl" filename = "\\Windows\\System32\\wscui.cpl" (normalized: "c:\\windows\\system32\\wscui.cpl") Region: id = 1389 start_va = 0x7ffa98e90000 end_va = 0x7ffa98efbfff monitored = 0 entry_point = 0x7ffa98eaec00 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1390 start_va = 0x7ffa99020000 end_va = 0x7ffa990cdfff monitored = 0 entry_point = 0x7ffa9906b570 region_type = mapped_file name = "textshaping.dll" filename = "\\Windows\\System32\\TextShaping.dll" (normalized: "c:\\windows\\system32\\textshaping.dll") Region: id = 1391 start_va = 0x7ffa990d0000 end_va = 0x7ffa990ecfff monitored = 0 entry_point = 0x7ffa990d29b0 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1392 start_va = 0x7ffa99290000 end_va = 0x7ffa992a6fff monitored = 0 entry_point = 0x7ffa992924b0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1393 start_va = 0x7ffa99ad0000 end_va = 0x7ffa99c75fff monitored = 0 entry_point = 0x7ffa99aff1b0 region_type = mapped_file name = "windows.globalization.dll" filename = "\\Windows\\System32\\Windows.Globalization.dll" (normalized: "c:\\windows\\system32\\windows.globalization.dll") Region: id = 1394 start_va = 0x7ffa99c80000 end_va = 0x7ffa99efdfff monitored = 0 entry_point = 0x7ffa99d173a0 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\System32\\DWrite.dll" (normalized: "c:\\windows\\system32\\dwrite.dll") Region: id = 1395 start_va = 0x7ffa99f00000 end_va = 0x7ffa9a0ecfff monitored = 0 entry_point = 0x7ffa99f7ea20 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 1396 start_va = 0x7ffa9a160000 end_va = 0x7ffa9a296fff monitored = 0 entry_point = 0x7ffa9a183b60 region_type = mapped_file name = "windows.ui.immersive.dll" filename = "\\Windows\\System32\\Windows.UI.Immersive.dll" (normalized: "c:\\windows\\system32\\windows.ui.immersive.dll") Region: id = 1397 start_va = 0x7ffa9a2a0000 end_va = 0x7ffa9a54dfff monitored = 0 entry_point = 0x7ffa9a2d69a0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 1398 start_va = 0x7ffa9a550000 end_va = 0x7ffa9b60ffff monitored = 0 entry_point = 0x7ffa9a899f90 region_type = mapped_file name = "windows.ui.xaml.dll" filename = "\\Windows\\System32\\Windows.UI.Xaml.dll" (normalized: "c:\\windows\\system32\\windows.ui.xaml.dll") Region: id = 1399 start_va = 0x7ffa9b610000 end_va = 0x7ffa9b63cfff monitored = 0 entry_point = 0x7ffa9b617cd0 region_type = mapped_file name = "bcp47mrm.dll" filename = "\\Windows\\System32\\BCP47mrm.dll" (normalized: "c:\\windows\\system32\\bcp47mrm.dll") Region: id = 1400 start_va = 0x7ffa9b640000 end_va = 0x7ffa9b66cfff monitored = 0 entry_point = 0x7ffa9b657ec0 region_type = mapped_file name = "languageoverlayutil.dll" filename = "\\Windows\\System32\\LanguageOverlayUtil.dll" (normalized: "c:\\windows\\system32\\languageoverlayutil.dll") Region: id = 1401 start_va = 0x7ffa9b670000 end_va = 0x7ffa9b7c0fff monitored = 0 entry_point = 0x7ffa9b688050 region_type = mapped_file name = "inputhost.dll" filename = "\\Windows\\System32\\InputHost.dll" (normalized: "c:\\windows\\system32\\inputhost.dll") Region: id = 1402 start_va = 0x7ffa9b7d0000 end_va = 0x7ffa9b8cbfff monitored = 0 entry_point = 0x7ffa9b80ae50 region_type = mapped_file name = "textinputframework.dll" filename = "\\Windows\\System32\\TextInputFramework.dll" (normalized: "c:\\windows\\system32\\textinputframework.dll") Region: id = 1403 start_va = 0x7ffa9b8d0000 end_va = 0x7ffa9ba1bfff monitored = 0 entry_point = 0x7ffa9b901ac0 region_type = mapped_file name = "windows.ui.dll" filename = "\\Windows\\System32\\Windows.UI.dll" (normalized: "c:\\windows\\system32\\windows.ui.dll") Region: id = 1404 start_va = 0x7ffa9ba20000 end_va = 0x7ffa9bb13fff monitored = 0 entry_point = 0x7ffa9ba61eb0 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 1405 start_va = 0x7ffa9bb60000 end_va = 0x7ffa9bbb9fff monitored = 0 entry_point = 0x7ffa9bb763c0 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 1406 start_va = 0x7ffa9bbc0000 end_va = 0x7ffa9bc52fff monitored = 0 entry_point = 0x7ffa9bbc9e10 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 1407 start_va = 0x7ffa9bc60000 end_va = 0x7ffa9bcb3fff monitored = 0 entry_point = 0x7ffa9bc6dee0 region_type = mapped_file name = "usermgrproxy.dll" filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll") Region: id = 1408 start_va = 0x7ffa9bcc0000 end_va = 0x7ffa9bdb7fff monitored = 0 entry_point = 0x7ffa9bcd73e0 region_type = mapped_file name = "appxdeploymentclient.dll" filename = "\\Windows\\System32\\AppXDeploymentClient.dll" (normalized: "c:\\windows\\system32\\appxdeploymentclient.dll") Region: id = 1409 start_va = 0x7ffa9bdc0000 end_va = 0x7ffa9be2efff monitored = 0 entry_point = 0x7ffa9bdca850 region_type = mapped_file name = "wincorlib.dll" filename = "\\Windows\\System32\\wincorlib.dll" (normalized: "c:\\windows\\system32\\wincorlib.dll") Region: id = 1410 start_va = 0x7ffa9bed0000 end_va = 0x7ffa9bf52fff monitored = 0 entry_point = 0x7ffa9bed40e0 region_type = mapped_file name = "imapi2.dll" filename = "\\Windows\\System32\\imapi2.dll" (normalized: "c:\\windows\\system32\\imapi2.dll") Region: id = 1411 start_va = 0x7ffa9bf60000 end_va = 0x7ffa9c025fff monitored = 0 entry_point = 0x7ffa9bf93f00 region_type = mapped_file name = "windows.storage.search.dll" filename = "\\Windows\\System32\\Windows.Storage.Search.dll" (normalized: "c:\\windows\\system32\\windows.storage.search.dll") Region: id = 1412 start_va = 0x7ffa9c030000 end_va = 0x7ffa9c069fff monitored = 0 entry_point = 0x7ffa9c0351c0 region_type = mapped_file name = "srchadmin.dll" filename = "\\Windows\\System32\\srchadmin.dll" (normalized: "c:\\windows\\system32\\srchadmin.dll") Region: id = 1413 start_va = 0x7ffa9c070000 end_va = 0x7ffa9c0bffff monitored = 0 entry_point = 0x7ffa9c072520 region_type = mapped_file name = "cscobj.dll" filename = "\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll") Region: id = 1414 start_va = 0x7ffa9c0c0000 end_va = 0x7ffa9c0ecfff monitored = 0 entry_point = 0x7ffa9c0c5010 region_type = mapped_file name = "settingmonitor.dll" filename = "\\Windows\\System32\\SettingMonitor.dll" (normalized: "c:\\windows\\system32\\settingmonitor.dll") Region: id = 1415 start_va = 0x7ffa9c0f0000 end_va = 0x7ffa9c120fff monitored = 0 entry_point = 0x7ffa9c0f2590 region_type = mapped_file name = "portabledevicetypes.dll" filename = "\\Windows\\System32\\PortableDeviceTypes.dll" (normalized: "c:\\windows\\system32\\portabledevicetypes.dll") Region: id = 1416 start_va = 0x7ffa9c1a0000 end_va = 0x7ffa9c1b8fff monitored = 0 entry_point = 0x7ffa9c1a51e0 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1417 start_va = 0x7ffa9c230000 end_va = 0x7ffa9c26afff monitored = 0 entry_point = 0x7ffa9c251b10 region_type = mapped_file name = "dxcore.dll" filename = "\\Windows\\System32\\DXCore.dll" (normalized: "c:\\windows\\system32\\dxcore.dll") Region: id = 1418 start_va = 0x7ffa9c270000 end_va = 0x7ffa9c965fff monitored = 0 entry_point = 0x7ffa9c80ec40 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\System32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll") Region: id = 1419 start_va = 0x7ffa9ca60000 end_va = 0x7ffa9cac4fff monitored = 0 entry_point = 0x7ffa9ca73640 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1420 start_va = 0x7ffa9ce40000 end_va = 0x7ffa9cedffff monitored = 0 entry_point = 0x7ffa9ce44570 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 1421 start_va = 0x7ffa9cef0000 end_va = 0x7ffa9cefbfff monitored = 0 entry_point = 0x7ffa9cef1690 region_type = mapped_file name = "nlmproxy.dll" filename = "\\Windows\\System32\\nlmproxy.dll" (normalized: "c:\\windows\\system32\\nlmproxy.dll") Region: id = 1422 start_va = 0x7ffa9cf80000 end_va = 0x7ffa9cfbcfff monitored = 0 entry_point = 0x7ffa9cf8b030 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 1423 start_va = 0x7ffa9d180000 end_va = 0x7ffa9d195fff monitored = 0 entry_point = 0x7ffa9d184250 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 1424 start_va = 0x7ffa9d220000 end_va = 0x7ffa9d230fff monitored = 0 entry_point = 0x7ffa9d223670 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 1425 start_va = 0x7ffa9d360000 end_va = 0x7ffa9daf0fff monitored = 0 entry_point = 0x7ffa9d375f30 region_type = mapped_file name = "onecoreuapcommonproxystub.dll" filename = "\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll" (normalized: "c:\\windows\\system32\\onecoreuapcommonproxystub.dll") Region: id = 1426 start_va = 0x7ffa9db00000 end_va = 0x7ffa9db10fff monitored = 0 entry_point = 0x7ffa9db06a80 region_type = mapped_file name = "coloradapterclient.dll" filename = "\\Windows\\System32\\coloradapterclient.dll" (normalized: "c:\\windows\\system32\\coloradapterclient.dll") Region: id = 1427 start_va = 0x7ffa9db20000 end_va = 0x7ffa9dbcdfff monitored = 0 entry_point = 0x7ffa9db2b110 region_type = mapped_file name = "mscms.dll" filename = "\\Windows\\System32\\mscms.dll" (normalized: "c:\\windows\\system32\\mscms.dll") Region: id = 1428 start_va = 0x7ffa9dc40000 end_va = 0x7ffa9dc86fff monitored = 0 entry_point = 0x7ffa9dc530b0 region_type = mapped_file name = "uianimation.dll" filename = "\\Windows\\System32\\UIAnimation.dll" (normalized: "c:\\windows\\system32\\uianimation.dll") Region: id = 1429 start_va = 0x7ffa9dc90000 end_va = 0x7ffa9de43fff monitored = 0 entry_point = 0x7ffa9dd068b0 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 1430 start_va = 0x7ffa9df50000 end_va = 0x7ffa9e151fff monitored = 0 entry_point = 0x7ffa9dfbd800 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 1431 start_va = 0x7ffa9e160000 end_va = 0x7ffa9e200fff monitored = 0 entry_point = 0x7ffa9e1701b0 region_type = mapped_file name = "windowmanagementapi.dll" filename = "\\Windows\\System32\\WindowManagementAPI.dll" (normalized: "c:\\windows\\system32\\windowmanagementapi.dll") Region: id = 1432 start_va = 0x7ffa9e210000 end_va = 0x7ffa9e279fff monitored = 0 entry_point = 0x7ffa9e218c30 region_type = mapped_file name = "ninput.dll" filename = "\\Windows\\System32\\ninput.dll" (normalized: "c:\\windows\\system32\\ninput.dll") Region: id = 1433 start_va = 0x7ffa9e580000 end_va = 0x7ffa9e589fff monitored = 0 entry_point = 0x7ffa9e581780 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1434 start_va = 0x7ffa9e590000 end_va = 0x7ffa9e5acfff monitored = 0 entry_point = 0x7ffa9e596d40 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1435 start_va = 0x7ffa9e7e0000 end_va = 0x7ffa9e815fff monitored = 0 entry_point = 0x7ffa9e7ef5a0 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1436 start_va = 0x7ffa9e820000 end_va = 0x7ffa9ea82fff monitored = 0 entry_point = 0x7ffa9e89b0b0 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll") Region: id = 1437 start_va = 0x7ffa9ef20000 end_va = 0x7ffa9f4dffff monitored = 0 entry_point = 0x7ffa9eff9920 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll") Region: id = 1438 start_va = 0x7ffa9f4e0000 end_va = 0x7ffa9f5d4fff monitored = 0 entry_point = 0x7ffa9f522860 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1439 start_va = 0x7ffa9f5e0000 end_va = 0x7ffa9f603fff monitored = 0 entry_point = 0x7ffa9f5e3de0 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 1440 start_va = 0x7ffa9f620000 end_va = 0x7ffa9f634fff monitored = 0 entry_point = 0x7ffa9f6229c0 region_type = mapped_file name = "wpdshserviceobj.dll" filename = "\\Windows\\System32\\WPDShServiceObj.dll" (normalized: "c:\\windows\\system32\\wpdshserviceobj.dll") Region: id = 1441 start_va = 0x7ffa9f640000 end_va = 0x7ffa9f653fff monitored = 0 entry_point = 0x7ffa9f6428c0 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1442 start_va = 0x7ffa9f660000 end_va = 0x7ffa9f78ffff monitored = 0 entry_point = 0x7ffa9f6fdcf0 region_type = mapped_file name = "dsreg.dll" filename = "\\Windows\\System32\\dsreg.dll" (normalized: "c:\\windows\\system32\\dsreg.dll") Region: id = 1443 start_va = 0x7ffa9f790000 end_va = 0x7ffa9f799fff monitored = 0 entry_point = 0x7ffa9f791390 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1444 start_va = 0x7ffa9f850000 end_va = 0x7ffa9f860fff monitored = 0 entry_point = 0x7ffa9f856910 region_type = mapped_file name = "dusmapi.dll" filename = "\\Windows\\System32\\dusmapi.dll" (normalized: "c:\\windows\\system32\\dusmapi.dll") Region: id = 1445 start_va = 0x7ffa9f870000 end_va = 0x7ffa9f9c5fff monitored = 0 entry_point = 0x7ffa9f89b240 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 1446 start_va = 0x7ffa9f9d0000 end_va = 0x7ffa9fbb4fff monitored = 0 entry_point = 0x7ffa9fa2ddd0 region_type = mapped_file name = "dcomp.dll" filename = "\\Windows\\System32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll") Region: id = 1447 start_va = 0x7ffa9ff40000 end_va = 0x7ffaa0299fff monitored = 0 entry_point = 0x7ffa9ffc2d50 region_type = mapped_file name = "coreuicomponents.dll" filename = "\\Windows\\System32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll") Region: id = 1448 start_va = 0x7ffaa02a0000 end_va = 0x7ffaa0391fff monitored = 0 entry_point = 0x7ffaa02f70f0 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 1449 start_va = 0x7ffaa04d0000 end_va = 0x7ffaa055ffff monitored = 0 entry_point = 0x7ffaa04e0880 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 1450 start_va = 0x7ffaa05a0000 end_va = 0x7ffaa063efff monitored = 0 entry_point = 0x7ffaa05c9120 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1451 start_va = 0x7ffaa0680000 end_va = 0x7ffaa0693fff monitored = 0 entry_point = 0x7ffaa0684280 region_type = mapped_file name = "resourcepolicyclient.dll" filename = "\\Windows\\System32\\ResourcePolicyClient.dll" (normalized: "c:\\windows\\system32\\resourcepolicyclient.dll") Region: id = 1452 start_va = 0x7ffaa0770000 end_va = 0x7ffaa0848fff monitored = 0 entry_point = 0x7ffaa07c7a70 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 1453 start_va = 0x7ffaa0850000 end_va = 0x7ffaa0879fff monitored = 0 entry_point = 0x7ffaa0859e30 region_type = mapped_file name = "rmclient.dll" filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll") Region: id = 1454 start_va = 0x7ffaa0950000 end_va = 0x7ffaa097dfff monitored = 0 entry_point = 0x7ffaa09542d0 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 1455 start_va = 0x7ffaa0a60000 end_va = 0x7ffaa0a72fff monitored = 0 entry_point = 0x7ffaa0a63f60 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1456 start_va = 0x7ffaa0c60000 end_va = 0x7ffaa13e9fff monitored = 0 entry_point = 0x7ffaa0e1c050 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 1457 start_va = 0x7ffaa1430000 end_va = 0x7ffaa1522fff monitored = 0 entry_point = 0x7ffaa14544d0 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 1458 start_va = 0x7ffaa1530000 end_va = 0x7ffaa164afff monitored = 0 entry_point = 0x7ffaa153c250 region_type = mapped_file name = "tdh.dll" filename = "\\Windows\\System32\\tdh.dll" (normalized: "c:\\windows\\system32\\tdh.dll") Region: id = 1459 start_va = 0x7ffaa1680000 end_va = 0x7ffaa16a4fff monitored = 0 entry_point = 0x7ffaa1683920 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 1460 start_va = 0x7ffaa16b0000 end_va = 0x7ffaa16d8fff monitored = 0 entry_point = 0x7ffaa16b1bd0 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 1461 start_va = 0x7ffaa1940000 end_va = 0x7ffaa1972fff monitored = 0 entry_point = 0x7ffaa1946930 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1462 start_va = 0x7ffaa1980000 end_va = 0x7ffaa19a8fff monitored = 0 entry_point = 0x7ffaa1989780 region_type = mapped_file name = "profext.dll" filename = "\\Windows\\System32\\profext.dll" (normalized: "c:\\windows\\system32\\profext.dll") Region: id = 1463 start_va = 0x7ffaa1c10000 end_va = 0x7ffaa1c99fff monitored = 0 entry_point = 0x7ffaa1c55870 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 1464 start_va = 0x7ffaa1ca0000 end_va = 0x7ffaa1cb6fff monitored = 0 entry_point = 0x7ffaa1ca1d60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1465 start_va = 0x7ffaa1ed0000 end_va = 0x7ffaa1f0afff monitored = 0 entry_point = 0x7ffaa1eda620 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1466 start_va = 0x7ffaa1f10000 end_va = 0x7ffaa1f1bfff monitored = 0 entry_point = 0x7ffaa1f11ce0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1467 start_va = 0x7ffaa23b0000 end_va = 0x7ffaa23c7fff monitored = 0 entry_point = 0x7ffaa23b4aa0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1468 start_va = 0x7ffaa23d0000 end_va = 0x7ffaa23dbfff monitored = 0 entry_point = 0x7ffaa23d2200 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1469 start_va = 0x7ffaa2460000 end_va = 0x7ffaa24b9fff monitored = 0 entry_point = 0x7ffaa246b770 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1470 start_va = 0x7ffaa24c0000 end_va = 0x7ffaa24eafff monitored = 0 entry_point = 0x7ffaa24c2db0 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\System32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll") Region: id = 1471 start_va = 0x7ffaa24f0000 end_va = 0x7ffaa252afff monitored = 0 entry_point = 0x7ffaa24f4000 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 1472 start_va = 0x7ffaa2530000 end_va = 0x7ffaa2556fff monitored = 0 entry_point = 0x7ffaa2536200 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 1473 start_va = 0x7ffaa2640000 end_va = 0x7ffaa2651fff monitored = 0 entry_point = 0x7ffaa26455f0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1474 start_va = 0x7ffaa2800000 end_va = 0x7ffaa282bfff monitored = 0 entry_point = 0x7ffaa2807370 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1475 start_va = 0x7ffaa2850000 end_va = 0x7ffaa2861fff monitored = 0 entry_point = 0x7ffaa2853e30 region_type = mapped_file name = "umpdc.dll" filename = "\\Windows\\System32\\umpdc.dll" (normalized: "c:\\windows\\system32\\umpdc.dll") Region: id = 1476 start_va = 0x7ffaa2870000 end_va = 0x7ffaa28bafff monitored = 0 entry_point = 0x7ffaa2873480 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1477 start_va = 0x7ffaa28c0000 end_va = 0x7ffaa2961fff monitored = 0 entry_point = 0x7ffaa28eca60 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1478 start_va = 0x7ffaa2970000 end_va = 0x7ffaa299dfff monitored = 0 entry_point = 0x7ffaa2974f10 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1479 start_va = 0x7ffaa29a0000 end_va = 0x7ffaa29d0fff monitored = 0 entry_point = 0x7ffaa29ae380 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1480 start_va = 0x7ffaa29f0000 end_va = 0x7ffaa2a0efff monitored = 0 entry_point = 0x7ffaa29f8ca0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1481 start_va = 0x7ffaa2ab0000 end_va = 0x7ffaa2ad6fff monitored = 0 entry_point = 0x7ffaa2ab8690 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1482 start_va = 0x7ffaa2ae0000 end_va = 0x7ffaa2be9fff monitored = 0 entry_point = 0x7ffaa2b11300 region_type = mapped_file name = "gdi32full.dll" filename = "\\Windows\\System32\\gdi32full.dll" (normalized: "c:\\windows\\system32\\gdi32full.dll") Region: id = 1483 start_va = 0x7ffaa2bf0000 end_va = 0x7ffaa2d4cfff monitored = 0 entry_point = 0x7ffaa2c3efa0 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1484 start_va = 0x7ffaa2d50000 end_va = 0x7ffaa2e4ffff monitored = 0 entry_point = 0x7ffaa2d65ac0 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 1485 start_va = 0x7ffaa2e50000 end_va = 0x7ffaa2ecefff monitored = 0 entry_point = 0x7ffaa2e873e0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1486 start_va = 0x7ffaa2ed0000 end_va = 0x7ffaa2f1cfff monitored = 0 entry_point = 0x7ffaa2ee3280 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1487 start_va = 0x7ffaa2f20000 end_va = 0x7ffaa2f41fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "win32u.dll" filename = "\\Windows\\System32\\win32u.dll" (normalized: "c:\\windows\\system32\\win32u.dll") Region: id = 1488 start_va = 0x7ffaa2f50000 end_va = 0x7ffaa2fecfff monitored = 0 entry_point = 0x7ffaa2f65390 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll") Region: id = 1489 start_va = 0x7ffaa2ff0000 end_va = 0x7ffaa32b6fff monitored = 0 entry_point = 0x7ffaa3001bd0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1490 start_va = 0x7ffaa32c0000 end_va = 0x7ffaa331ffff monitored = 0 entry_point = 0x7ffaa32d0380 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1491 start_va = 0x7ffaa3430000 end_va = 0x7ffaa34ddfff monitored = 0 entry_point = 0x7ffaa346b940 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 1492 start_va = 0x7ffaa3540000 end_va = 0x7ffaa35dafff monitored = 0 entry_point = 0x7ffaa355c3e0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1493 start_va = 0x7ffaa35e0000 end_va = 0x7ffaa3634fff monitored = 0 entry_point = 0x7ffaa35ea7e0 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1494 start_va = 0x7ffaa36e0000 end_va = 0x7ffaa387ffff monitored = 0 entry_point = 0x7ffaa36f7a10 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1495 start_va = 0x7ffaa3a50000 end_va = 0x7ffaa3b0cfff monitored = 0 entry_point = 0x7ffaa3a67070 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1496 start_va = 0x7ffaa3b10000 end_va = 0x7ffaa3c24fff monitored = 0 entry_point = 0x7ffaa3b4eb60 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1497 start_va = 0x7ffaa3c30000 end_va = 0x7ffaa3c38fff monitored = 0 entry_point = 0x7ffaa3c32020 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1498 start_va = 0x7ffaa3ca0000 end_va = 0x7ffaa3d3dfff monitored = 0 entry_point = 0x7ffaa3ca7850 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1499 start_va = 0x7ffaa3d40000 end_va = 0x7ffaa3e14fff monitored = 0 entry_point = 0x7ffaa3d5d190 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1500 start_va = 0x7ffaa3e20000 end_va = 0x7ffaa3e4ffff monitored = 0 entry_point = 0x7ffaa3e214d0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1501 start_va = 0x7ffaa3e50000 end_va = 0x7ffaa3f72fff monitored = 0 entry_point = 0x7ffaa3eada30 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1502 start_va = 0x7ffaa3f80000 end_va = 0x7ffaa42d3fff monitored = 0 entry_point = 0x7ffaa4071d00 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1503 start_va = 0x7ffaa42e0000 end_va = 0x7ffaa4746fff monitored = 0 entry_point = 0x7ffaa4303230 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1504 start_va = 0x7ffaa4760000 end_va = 0x7ffaa4789fff monitored = 0 entry_point = 0x7ffaa47648d0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1505 start_va = 0x7ffaa4790000 end_va = 0x7ffaa47fafff monitored = 0 entry_point = 0x7ffaa47a4300 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1506 start_va = 0x7ffaa4800000 end_va = 0x7ffaa4928fff monitored = 0 entry_point = 0x7ffaa4826140 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1507 start_va = 0x7ffaa4930000 end_va = 0x7ffaa49a8fff monitored = 0 entry_point = 0x7ffaa49528f0 region_type = mapped_file name = "coml2.dll" filename = "\\Windows\\System32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll") Region: id = 1508 start_va = 0x7ffaa49b0000 end_va = 0x7ffaa50e0fff monitored = 0 entry_point = 0x7ffaa4abe6e0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1509 start_va = 0x7ffaa50f0000 end_va = 0x7ffaa5197fff monitored = 0 entry_point = 0x7ffaa510d990 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1510 start_va = 0x7ffaa51a0000 end_va = 0x7ffaa5249fff monitored = 0 entry_point = 0x7ffaa51b5470 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1511 start_va = 0x7ffaa5370000 end_va = 0x7ffaa5563fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1748 start_va = 0x1f60000 end_va = 0x1f61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 1749 start_va = 0x1fa0000 end_va = 0x1fa1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fa0000" filename = "" Region: id = 1750 start_va = 0x5840000 end_va = 0x58bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005840000" filename = "" Thread: id = 37 os_tid = 0x14c8 Thread: id = 38 os_tid = 0x11f8 Thread: id = 39 os_tid = 0xe64 Thread: id = 40 os_tid = 0x1648 Thread: id = 41 os_tid = 0x1500 Thread: id = 42 os_tid = 0x1390 Thread: id = 43 os_tid = 0x1344 Thread: id = 44 os_tid = 0x1328 Thread: id = 45 os_tid = 0x1308 Thread: id = 46 os_tid = 0x1268 Thread: id = 47 os_tid = 0x1250 Thread: id = 48 os_tid = 0x1244 Thread: id = 49 os_tid = 0x1194 Thread: id = 50 os_tid = 0x1170 Thread: id = 51 os_tid = 0x1128 Thread: id = 52 os_tid = 0x1104 Thread: id = 53 os_tid = 0x10d0 Thread: id = 54 os_tid = 0x102c Thread: id = 55 os_tid = 0x834 Thread: id = 56 os_tid = 0xe5c Thread: id = 57 os_tid = 0x378 Thread: id = 58 os_tid = 0x4cc Thread: id = 59 os_tid = 0x838 Thread: id = 60 os_tid = 0xad4 Thread: id = 61 os_tid = 0x708 Thread: id = 62 os_tid = 0x998 Thread: id = 63 os_tid = 0xfc0 Thread: id = 64 os_tid = 0xe80 Thread: id = 65 os_tid = 0xe7c Thread: id = 66 os_tid = 0xe74 Thread: id = 67 os_tid = 0xe70 Thread: id = 68 os_tid = 0xcac Thread: id = 69 os_tid = 0xc88 Thread: id = 70 os_tid = 0xc78 Thread: id = 71 os_tid = 0xc70 Thread: id = 72 os_tid = 0xc6c Thread: id = 73 os_tid = 0xc68 Thread: id = 74 os_tid = 0xc64 Thread: id = 75 os_tid = 0xc58 Thread: id = 76 os_tid = 0xc08 Thread: id = 77 os_tid = 0xc04 Thread: id = 78 os_tid = 0x9a4 Thread: id = 79 os_tid = 0xb5c Thread: id = 80 os_tid = 0xb58 Thread: id = 81 os_tid = 0xb50 Thread: id = 82 os_tid = 0xb4c Thread: id = 83 os_tid = 0xb48 Thread: id = 84 os_tid = 0xb44 Thread: id = 85 os_tid = 0xb08 Thread: id = 86 os_tid = 0xafc Thread: id = 87 os_tid = 0xaec Thread: id = 88 os_tid = 0xae8 Thread: id = 89 os_tid = 0xadc Thread: id = 90 os_tid = 0xac8 Thread: id = 91 os_tid = 0xa80 Thread: id = 92 os_tid = 0xa68 Thread: id = 93 os_tid = 0xa60 Thread: id = 94 os_tid = 0xa5c Thread: id = 95 os_tid = 0xa2c Thread: id = 96 os_tid = 0xa14 Thread: id = 97 os_tid = 0xa04 Thread: id = 98 os_tid = 0x15ac Thread: id = 116 os_tid = 0x850 Process: id = "6" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x34c16000" os_pid = "0x17e4" os_integrity_level = "0x3000" os_privileges = "0x60900000" monitor_reason = "rpc_server" parent_id = "4" os_parent_pid = "0x30c" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" cur_dir = "C:\\Windows\\system32\\" os_username = "PXTHFFRYO7\\OqXZRaykm" bitness = "32" os_groups = "PXTHFFRYO7\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0001cfa9" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1657 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1658 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1659 start_va = 0x30000 end_va = 0x4cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1660 start_va = 0x50000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1661 start_va = 0x150000 end_va = 0x153fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 1662 start_va = 0x160000 end_va = 0x161fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 1663 start_va = 0x170000 end_va = 0x170fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 1664 start_va = 0x180000 end_va = 0x180fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1665 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1666 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 1667 start_va = 0x1b0000 end_va = 0x1b6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1668 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1669 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 1670 start_va = 0x1e0000 end_va = 0x1e7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1671 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1672 start_va = 0x400000 end_va = 0x4c8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1673 start_va = 0x4d0000 end_va = 0x4d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 1674 start_va = 0x4e0000 end_va = 0x4e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 1675 start_va = 0x500000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 1676 start_va = 0x600000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 1677 start_va = 0x700000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 1678 start_va = 0x800000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 1679 start_va = 0x900000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 1680 start_va = 0xa00000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a00000" filename = "" Region: id = 1681 start_va = 0xb00000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b00000" filename = "" Region: id = 1682 start_va = 0xd00000 end_va = 0xe80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d00000" filename = "" Region: id = 1683 start_va = 0xe90000 end_va = 0x2290fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e90000" filename = "" Region: id = 1684 start_va = 0x2340000 end_va = 0x234ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002340000" filename = "" Region: id = 1685 start_va = 0x2350000 end_va = 0x244ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002350000" filename = "" Region: id = 1686 start_va = 0x7ffe0000 end_va = 0x7ffe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1687 start_va = 0x7ff4fde90000 end_va = 0x7ff4fdf8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff4fde90000" filename = "" Region: id = 1688 start_va = 0x7ff4fdf90000 end_va = 0x7ff5fdfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff4fdf90000" filename = "" Region: id = 1689 start_va = 0x7ff5fdfb0000 end_va = 0x7ff5fffb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff5fdfb0000" filename = "" Region: id = 1690 start_va = 0x7ff5fffc0000 end_va = 0x7ff5fffc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffc0000" filename = "" Region: id = 1691 start_va = 0x7ff5fffd0000 end_va = 0x7ff5ffff2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffd0000" filename = "" Region: id = 1692 start_va = 0x7ff606710000 end_va = 0x7ff606718fff monitored = 0 entry_point = 0x7ff6067114e0 region_type = mapped_file name = "dllhost.exe" filename = "\\Windows\\System32\\dllhost.exe" (normalized: "c:\\windows\\system32\\dllhost.exe") Region: id = 1693 start_va = 0x7ffa8f830000 end_va = 0x7ffa8f895fff monitored = 0 entry_point = 0x7ffa8f84d000 region_type = mapped_file name = "thumbcache.dll" filename = "\\Windows\\System32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll") Region: id = 1694 start_va = 0x7ffa9f4e0000 end_va = 0x7ffa9f5d4fff monitored = 0 entry_point = 0x7ffa9f522860 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1695 start_va = 0x7ffaa05a0000 end_va = 0x7ffaa063efff monitored = 0 entry_point = 0x7ffaa05c9120 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1696 start_va = 0x7ffaa0a60000 end_va = 0x7ffaa0a72fff monitored = 0 entry_point = 0x7ffaa0a63f60 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1697 start_va = 0x7ffaa2ae0000 end_va = 0x7ffaa2be9fff monitored = 0 entry_point = 0x7ffaa2b11300 region_type = mapped_file name = "gdi32full.dll" filename = "\\Windows\\System32\\gdi32full.dll" (normalized: "c:\\windows\\system32\\gdi32full.dll") Region: id = 1698 start_va = 0x7ffaa2d50000 end_va = 0x7ffaa2e4ffff monitored = 0 entry_point = 0x7ffaa2d65ac0 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 1699 start_va = 0x7ffaa2e50000 end_va = 0x7ffaa2ecefff monitored = 0 entry_point = 0x7ffaa2e873e0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1700 start_va = 0x7ffaa2f20000 end_va = 0x7ffaa2f41fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "win32u.dll" filename = "\\Windows\\System32\\win32u.dll" (normalized: "c:\\windows\\system32\\win32u.dll") Region: id = 1701 start_va = 0x7ffaa2f50000 end_va = 0x7ffaa2fecfff monitored = 0 entry_point = 0x7ffaa2f65390 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll") Region: id = 1702 start_va = 0x7ffaa2ff0000 end_va = 0x7ffaa32b6fff monitored = 0 entry_point = 0x7ffaa3001bd0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1703 start_va = 0x7ffaa3430000 end_va = 0x7ffaa34ddfff monitored = 0 entry_point = 0x7ffaa346b940 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 1704 start_va = 0x7ffaa3540000 end_va = 0x7ffaa35dafff monitored = 0 entry_point = 0x7ffaa355c3e0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1705 start_va = 0x7ffaa36e0000 end_va = 0x7ffaa387ffff monitored = 0 entry_point = 0x7ffaa36f7a10 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1706 start_va = 0x7ffaa3a50000 end_va = 0x7ffaa3b0cfff monitored = 0 entry_point = 0x7ffaa3a67070 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1707 start_va = 0x7ffaa3ca0000 end_va = 0x7ffaa3d3dfff monitored = 0 entry_point = 0x7ffaa3ca7850 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1708 start_va = 0x7ffaa3e20000 end_va = 0x7ffaa3e4ffff monitored = 0 entry_point = 0x7ffaa3e214d0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1709 start_va = 0x7ffaa3e50000 end_va = 0x7ffaa3f72fff monitored = 0 entry_point = 0x7ffaa3eada30 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1710 start_va = 0x7ffaa3f80000 end_va = 0x7ffaa42d3fff monitored = 0 entry_point = 0x7ffaa4071d00 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1711 start_va = 0x7ffaa4760000 end_va = 0x7ffaa4789fff monitored = 0 entry_point = 0x7ffaa47648d0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1712 start_va = 0x7ffaa50f0000 end_va = 0x7ffaa5197fff monitored = 0 entry_point = 0x7ffaa510d990 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1713 start_va = 0x7ffaa5370000 end_va = 0x7ffaa5563fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 107 os_tid = 0x15d8 Thread: id = 108 os_tid = 0x1680 Thread: id = 109 os_tid = 0x15d4 Thread: id = 110 os_tid = 0x1598 Thread: id = 111 os_tid = 0x15cc Thread: id = 112 os_tid = 0xa28 Thread: id = 113 os_tid = 0x16f8 Thread: id = 114 os_tid = 0x4c8